www.warmsoft.sa.com/ycjof/iukjfpl877206sckxp/-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
172.67.134.59200 OK 533 B URL HTTP/1.1 www.warmsoft.sa.com/ycjof/iukjfpl877206sckxp/-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
IP 172.67.134.59:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 193c785ff9e9da1bea64609e6ec6b17f
1e101317b03d1f074e66e8be9002d023bb227981
93fb2b986a0e61c98dfe1404cf6f93170cba5523a7b4393a893b97def40b66c9
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ycjof/iukjfpl877206sckxp/-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_ HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dk8f5z%2F6J3rAlDxqSRBci%2F13C%2BBT0crWMGpPOuLi5dmrl19i%2B1UJi8zBjrbsyMyRP7rtTCPqIe23woVkLjvBJl0hMGOxYtVSlJ8pzJqE6dUJVD4RDz2M8XpITv0x7jvfCLyg8pfP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75805c26ab3db51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
108.157.229.61200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 108.157.229.61:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 3f17af4e8a1739eda4a518039f4892f9
c3feba08ae7e8f57e0fe9bcd2ebedea6bda67cbb
c485b09cad08b5233fe8753682faf59219fe0d18fcc34d90dc88fb0971295f5f
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 10 Oct 2022 14:48:21 GMT
Expires: Mon, 10 Oct 2022 15:28:10 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 fdac35835bcf0937b6f910eeac10720e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: 9YGIsjDamsG6VbMm-k2VlqJ28gm3mTW30O9BtncNjQCZ_jsREJSRjw==
Age: 2134
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ef6d323da0ad155f526b4a57c2e46ccc
71686b19b3ca049b9b66f8740284c552a3f61a20
99e2f56075a08f133a9d1d0122ab9ef2d9eaa61e18f46994e52e21a8a53203f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "99E2F56075A08F133A9D1D0122AB9EF2D9EAA61E18F46994E52E21A8A53203F3"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8905
Expires: Mon, 10 Oct 2022 17:52:20 GMT
Date: Mon, 10 Oct 2022 15:23:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3d0ffae9abfdf558a6286013a0201c8b
2dc8ea0000a1b0c0f849611fdd73429bca51bfad
8e19eab9b6d16819f9ef3920971542cbcf5dd18280617e2de1a3827f0c149398
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E19EAB9B6D16819F9EF3920971542CBCF5DD18280617E2DE1A3827F0C149398"
Last-Modified: Sun, 09 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3882
Expires: Mon, 10 Oct 2022 16:28:37 GMT
Date: Mon, 10 Oct 2022 15:23:55 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 2Vs7tv0n3p9i3Ujqc3VhvYXGyGiXgE5jQIiQryMYSaTnhDV6Zj1Gzj8gjNzGqpclSDAsakMzq0w=
x-amz-request-id: Z7ZX37P2NNAMR09V
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 10 Oct 2022 15:00:28 GMT
age: 1407
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 10 Oct 2022 15:23:55 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 2c08f85bd74f5c0456761cd4180e3d1b
1fb1ed9973e481092ae4e51e7277e7e58144f994
e5e5d24ca076fb29f70c900432ad20cc1c838d61924c257d2fe01e898a76ecad
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 43141c37657b2dc617dc65bfe97a865c
df200056afa06387a505aac1d8098c6675356ba9
e9e99ad50877b82025b812718da985f84e52654af4b62244ca3a162c2da17cc4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.warmsoft.sa.com/jquery-1.11.0.min.js
172.67.134.59200 OK 33 kB URL HTTP/1.1 www.warmsoft.sa.com/jquery-1.11.0.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (32341)
Hash 95fe3f4dd117c33f6015e1c3d6df1d0d
d5b8856932d1ea63f51824de0bb50670d2e960bc
e6945ac3f1927f242a9fd7a5cf67720f7763888127a7427eb24ffc52019d4b16
Analyzer Verdict Alert quad9 Sinkholed
GET /jquery-1.11.0.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/ycjof/iukjfpl877206sckxp/-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:03:39 GMT
ETag: W/"62e8238b-1787d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kewc8ULU3hQ4ekRghMjHSRYGIbpYBuHFLx%2Fs4OfRqchKZUpYz39zhgaT9qqRYbhlFy0L5kHj3WykbmDSKDV2WVrYzEQi2w0W9vMzeyYfEWrzS2FBGdxkCUdxlMj8BtkgTAZ2q6bd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c28dfdeb51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/offer.php?id=449&sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
172.67.134.59200 OK 332 B URL HTTP/1.1 www.warmsoft.sa.com/offer.php?id=449&sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
IP 172.67.134.59:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash fbfcba0dd90126ddfd7586cfbc64df66
54f2dc4ad18472f8752ff707cf312b73ce4e00e9
0099c0b4aee9f875e1a48b7f19401d1b831b06e279b1d15757a0564f9952fe06
Analyzer Verdict Alert quad9 Sinkholed
GET /offer.php?id=449&sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_ HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/ycjof/iukjfpl877206sckxp/-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nZXtYrIvOOMtHJUcnwWHAReolttLthAx1tTKLLF2N0ewoPiUnFTFDda%2FJFNrfmkFsxFDrenuEohrzL%2FVW5oRvMbr2anbtWJCmKuvEFCGqNCxu5p6kMEiiEoNdkwdBQHFRiTTzeEv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75805c2abb6ab51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
108.157.229.61200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 108.157.229.61:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Mon, 10 Oct 2022 14:29:41 GMT
Cache-Control: max-age=3600
Expires: Mon, 10 Oct 2022 14:31:49 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 d913eed4ff9d3ba68bce11280aa7e1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: LO-_M2teOAVMni3sSMi2I0j6Um5tQ3Srec1OitEld-67hbtUM2dTZQ==
Age: 3255
www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
172.67.134.59200 OK 21 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
IP 172.67.134.59:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6926), with CRLF line terminators
Hash 8aa4d940b8f57493e9ed098f4bd07eaf
f53ddd6bd0eafcb098f7809f9fbc18f367d68ecc
cafa78dea8b5e6d653b2044e31cc55d7c17b625aeda7bffb08790a10f8070912
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_ HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JK2Q%2Fw1Q5sH0zdIEeubPe8gh1Hp2JpZD2E0n54Hwa1WqCXDaNwef6gjR4NQmYIZCrWEn4dLGmHrrZUh8WBNdBAr%2B1%2BU5wgmfGBpgodCNnJzp6JbYeyhCrgxrc19rjy5PWdhyUrk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75805c2c0dadb51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/wp-emoji-release.min.js
172.67.134.59200 OK 4.7 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/wp-emoji-release.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (11272)
Hash 71b6d75cd4e93368516cec04a93790f8
d274862e4ee8bea24bf1d6d6f8f1e231abd778c2
7f1d272195370f3d6541779815b23d961b1cb9474d3bf57786f9844840083596
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/wp-emoji-release.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:29 GMT
ETag: W/"632a3299-3795"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ce1CyEWwh3An71z5uv%2FfaX3Dktlpp1JoyRijyFExGN6c390MubqByIkDpz%2BeCk7q9PmTJBY1rKtRMsxSZZLQi7KdOMRCVtwpPx0KDUCqI2JsWY8ihotoFxiaNcj3niydMdZrd54A"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2c9b851bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/elementor-icons.min.css
172.67.134.59200 OK 3.8 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/elementor-icons.min.css
IP 172.67.134.59:0
File type ASCII text, with very long lines (19233)
Hash 8ff9a7b769f1dd6a22e37d3e77c538f1
3c904f8b42df2e2a0a566c18c19d6793b26d37bf
cbb4376f0b776b633543bbea816811a257d3ea9b44c5e632d531513638d46fa6
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/elementor-icons.min.css HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:00 GMT
ETag: W/"632a327c-4b4f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=upgx%2Bms5vQg5S78Dt7SpRdgDiMVFLvY%2FBUA44EsNUigz%2Br4d9E6tQQKC3WYn2KttZC105SQnsiY7kY3uRq0uTZxGi%2FAb7dbAniK72Anmx9jzgQE%2BQKDv5owXNd2ue9dsl5i125Gn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2c9ea8b4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d545bc725dcd5d6f1dfc10a8b35aeb3a
82d92587953dac8a05d691730b8318719328de6b
9d1e6f1bf4b1c138d9e07e67264cb9ac5090a1c338ff72c87e1758e187cccb24
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5038
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:56 GMT
Last-Modified: Mon, 10 Oct 2022 13:59:58 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
www.warmsoft.sa.com/clicks/BarxBusyBall_files/analytics.js
172.67.134.59200 OK 20 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/analytics.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (1325)
Hash 591d54bd92cf26b373257e9fb7a33f6b
a55b132ed25dee24900bf1d4672336ae640f22c8
851e9a6d089fa3f28cae238a77546d6e195f7148c8930e40636668d66b294fb0
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/analytics.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:36:50 GMT
ETag: W/"632a3272-c41d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=16Jc%2FCijWg9nFGzQk6z0rgCbSAP9nWvaOawf7lvHRfPO9jsp724jEWvXCJxUwGTP6LUyCfwEHfvMjiTq6tiqpE9bSZMaEN9giWSeEm3o%2BfG8n0CoDTQHNtTfOYUf5eXQuhaTy9K6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2c8da70b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/frontend-legacy.min.css
172.67.134.59200 OK 841 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/frontend-legacy.min.css
IP 172.67.134.59:0
File type ASCII text, with very long lines (13766)
Hash 33628cd8b2d92ed0a17f803521030e29
3419f47abb56eed874af447f42b372afedd17043
b78e1b4ca7ffdc42f304e81c98aa52ac90f1bc59a7d0c193f60d26b5237787cd
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/frontend-legacy.min.css HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:02 GMT
ETag: W/"632a327e-35ed"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tCSEENXyXbeiJpblE7whwpw5%2B5Qls8gxVwjFAxX1OYf0Ubg0xvhpKX0uvlizi1cI8%2BHaQcpXKFtAk6O2JmIh0NEwjQLZclKBBDJey1ITfE%2FG11FZW9RUyMkjPrxo0b%2BdSNnQ6IWi"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2d1ee0b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/gtm.js
172.67.134.59200 OK 48 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/gtm.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (5023)
Hash bc89e8d21075123f643899c2c9bba6ca
d1db9a2b1334b891e91429f1cf52ab2ded511444
d40c0195a5fc269fa19fd16ba79fa5e661b54e6edf50e86ad8db93cd7a44911e
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/gtm.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:06 GMT
ETag: W/"632a3282-1ebc6"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=idS%2FIBtwLLa2%2Bf8jqz%2BiX1%2B7Tc6tAUvMmeS85LlwBU7HuYlXN6RK%2BlJD8T05gjoGCW7R9XSm2cP2pEjDcjuYCuXr7rOPfvYFYlE4xISb4QMHpI8wK6zj7y83WDnJcOt7r9h0JJ%2FB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2c8eb4b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/post-293.css
172.67.134.59200 OK 442 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/post-293.css
IP 172.67.134.59:0
File type ASCII text, with very long lines (1312), with no line terminators
Hash 0b02aeac8980b28de54af97c665dfe72
25da527faf97f005948f97bfebb5fe79537df218
1d582e5785547b4bfc359af4c96fdfcddc8b308dfb20c6fbc9b51a9ea38d7401
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/post-293.css HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:19 GMT
ETag: W/"632a328f-520"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B4Kq4twEVF5Gr52%2Fh7GpDimH%2FzRyVYHryJAK4RKQngiwP9QpSgYjAyEcVhL5iUYpFZ7GegUXB%2FsjAmkm8Yfe6O7Wt%2Bccdu1eY8xk9zVVkGSh51rOFleXLFn7JY6NKftBsbSzKcs8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2db867b4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/fbevents.js
172.67.134.59200 OK 27 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/fbevents.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (64348)
Hash a4a24a0cc251d41c2c34daca410fef20
7d228600f6c2af7cbf5dbf39026dd54c2e2a45b2
9e6fd695ea02e5df7e597d9713a20362c439fb54415598602dc6324505ba8e32
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/fbevents.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:01 GMT
ETag: W/"632a327d-192f8"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2v6wTtPXEwbO9kRZmmwUDRzWRti2Z60BdwwsZehLHoDK70wCekV%2FT2Pm8Erjyze2YWGnJRK%2Bcb8tFpDecRQql%2BBETlCnCX5gP2bhu7D%2FbQirrcvEFa7FkcsdeirNBMuUOXpKJDgH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2c8da2b500-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 1e303e306341c9d780f271d315176dc8
90f2dffede897c9b2fdfb6eb17539f7010d586eb
7484160f2959e5bf0acae45e89436090bd093d3c6b279acd0f29a22d03a25bbe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:56 GMT
Server: ECS (amb/6BAD)
Content-Length: 279
push.services.mozilla.com/
35.155.157.101101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.155.157.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TnMnD7pevpxhPZp4xUSKiQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: x30ap4+l3gCBieJ6YH9Q92SvKro=
www.warmsoft.sa.com/clicks/BarxBusyBall_files/post-30.css
172.67.134.59200 OK 2.5 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/post-30.css
IP 172.67.134.59:0
File type ASCII text, with very long lines (27314), with no line terminators
Hash 775ce3a6470487fccab1ad577464ba12
b4623e5f9bdd5001f150ff33cc9c4e3667a10305
364bac287f929cadd0410cfde464a3acc5ba8c463a3633ec233dfcf68cc89a40
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/post-30.css HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:20 GMT
ETag: W/"632a3290-6ab2"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eUJ0Ez2arXgzrnEglVFelFSu0tD8iadjcKAExz97G3qLsIHOAb53tgAbpfI%2Ff3Gv%2Fl0v%2ByHcqltyEOnQOi9gqVtEpqkRZeadKiIR5O45vEzaa7epSKXLsyJma70DvfItyhHmmPqO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2e4921b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/global.css
172.67.134.59200 OK 2.7 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/global.css
IP 172.67.134.59:0
File type ASCII text, with very long lines (14692)
Hash 22d3258e386dbbdf95db8ab2ba7e423d
0dedc3fb838491f2a04cfc3f549472371412dc00
b0b68fb219665b2c2bd80632f53e90675e3dda3ffa6d7e31a559ffe24741314d
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/global.css HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:06 GMT
ETag: W/"632a3282-9b5c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k2iB%2FpTcGlTApyOLNfnf0LC9rzPkcHQ1OuuLM33KrEo9L6fg5hSkCOUZEI9KSuIXAvBqsYe9%2BdFZUZpiEOrmbMEIwb6TD1Q8CRveQvHz%2BHrVLa8NpEvEIq5mPF6AdwvWM9SfpERR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2e0836b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/frontend.min.css
172.67.134.59200 OK 20 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/frontend.min.css
IP 172.67.134.59:0
File type ASCII text, with very long lines (65497)
Hash a99c6e51459887016152f5ff10940d79
af1351af92cac87a558edf47e49c9e1a1797498b
4d4a79921112de5e7ba5f5a295637200eb94a0c95a95a370a61c3a0cc9ddade9
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/frontend.min.css HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:03 GMT
ETag: W/"632a327f-2871e"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AZBrcAroNxtREaL92AnxY%2BkZoBcTYhTrPCkSGHTD5NNaw8K0wfpREYoA16xeNMVOAIGxHEk0yMfAvGrPNDZP3ReXJvBDtktBGzElKccOrFACUCgyzbQW6xW7b9zxBhPHWW9rBZFc"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2dbca51bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/fontawesome.min.css
172.67.134.59200 OK 12 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/fontawesome.min.css
IP 172.67.134.59:0
File type ASCII text, with very long lines (57726)
Hash 17fd94d9f0bb4766d4ef7a40e9b72c6d
209efb50dd482437e0d7f4dee1a42e8525c5b203
bdc3f617f541d996de0579bbd01ecb9b643a4968ce2d5b0bea3aedfc73417755
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/fontawesome.min.css HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:02 GMT
ETag: W/"632a327e-e238"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=on9TIeVWD0xOb9bDs%2BywPirZ1RagjG%2FxE3z60LN4W04ZlabqM6FeBLnaFYB9w1wsV2AR38rp8wS%2BNTuDWhlNHS9oXZp6f2k%2Bdz4samy0zkXIXtfiDxTffIlX8MsJ712JwsnGNd3F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2e6947b500-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/css.css
172.67.134.59200 OK 2.1 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/css.css
IP 172.67.134.59:0
Hash a2042d6e18638f91b3ba7da090bfb9c0
10b872776163043e59f3338b8c5a664bd42f25c7
9b86b7e21024d4c484fedf5a03cc4294cbbb6b9025985512925b8362c99023eb
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/css.css HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:36:57 GMT
ETag: W/"632a3279-1257e"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TF7xlnzqdEAo15eqILv0M8EyMDkI3ch08OjjvfdO4BSzJcpnzBKT6wT%2F1JjS125c%2BENRWNkLSDKn7K%2F3ybD29K%2FwPsW6S%2BcAvsx0gftBcYcpKgJXKXAzC9XoMtu3zwwnft9bZRGG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2e693ab4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/brands.min.css
172.67.134.59200 OK 312 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/brands.min.css
IP 172.67.134.59:0
File type ASCII text, with very long lines (489)
Hash 6a022b68e443848e247029d92bc6ecdc
c11c6feabf7997fa9d1b08eb2c36476f9352d4de
bf7945206dad7cb2c0b38023fe794ce553791a43664c32c39fd2f6b44aff5951
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/brands.min.css HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:36:56 GMT
ETag: W/"632a3278-2a3"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XVFP8Uq4no8CXCaPnde8pjMucJDvohe705zCnYM9pRz0yTU%2Fvr7lVcIcOmOSGiSc0aG24kvxnjzQVtJBfG%2FuVHsJSNHpM38gqDSZJx4ixfdXfhP9zvobB8qQitsecZRzQLi%2Bi0Ou"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2f2a66b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/solid.min.css
172.67.134.59200 OK 311 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/solid.min.css
IP 172.67.134.59:0
File type ASCII text, with very long lines (483)
Hash 217be86c62c0f0465c8766bdc869d10a
9e43286e9b4f012b1e00a722af7f299946af47e5
13f78c579d9ac42e0ecacf5a61c41b8e16c6a93e34c22e967927aa41016ed0d4
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/solid.min.css HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:24 GMT
ETag: W/"632a3294-29d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gVeF3mkVtYn%2B7B7vfhNsuewLt7Gy5SZ399Y82Se%2By5Ue102nBiRPkzpUxXuECCi3s5uQgjU72y%2FUQERPJ%2Fdq0NCVzD%2BX0Ev6ZMTg3tY%2BB7dfDyoUJz8IYwCY9Sh7edvRQf%2Bi4oqU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2f49f3b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/frontend.min_002.css
172.67.134.59200 OK 41 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/frontend.min_002.css
IP 172.67.134.59:0
File type ASCII text, with very long lines (65493)
Hash 62e8c8a0a838d2816dea4ef7ee12aa0b
29266c33f27efc4a16d9640900e04b52f84cb4f0
e2464930e1729fc3f0b57ad6a5c86b6d9f11d230aa888699eb6f6344bf24aea3
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/frontend.min_002.css HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:04 GMT
ETag: W/"632a3280-7551c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nSRvcAAB3BH1ZboiqXKUEmvKoGv0klxF6Czuviy7RYBYf8gc18oeC4mhnrGACDIaqQTWqOYjPj54%2B1h4Lt%2Fa4KSKP21i8BV1xeL5lFqVQV8zLt0lcpbd%2B%2BYyX%2FDF9Fy8YIGOf2zx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2ddf020b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 1e303e306341c9d780f271d315176dc8
90f2dffede897c9b2fdfb6eb17539f7010d586eb
7484160f2959e5bf0acae45e89436090bd093d3c6b279acd0f29a22d03a25bbe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=144078
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:56 GMT
Etag: "6343c8da-117"
Expires: Wed, 12 Oct 2022 07:25:14 GMT
Last-Modified: Mon, 10 Oct 2022 07:25:14 GMT
Server: nginx
Content-Length: 279
www.warmsoft.sa.com/clicks/BarxBusyBall_files/style.css
172.67.134.59200 OK 1.0 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/style.css
IP 172.67.134.59:0
Hash e99b51ef4084cd73f88cb7a91d894af9
d092923bdf3e3625fb1c7d5447825afe0ead22a1
b04c604b656626b3f8952e397e0516851e219d246f8838337b7a7b1235285e91
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/style.css HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:25 GMT
ETag: W/"632a3295-99c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2EtyywdjZn07qgI%2FvpM8%2FXxU3F4xsGss%2BMWRD39UoPN7I58b7X%2Byk%2BZj%2FGlAw6YUAg1asFFg7EHgTbWNdfJH6lQp6oeN953OQhS5hkXpz7legB4SZojAk9u0da3otLQr%2Bd046vNF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2fdbebb500-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/jquery-migrate.min.js
172.67.134.59200 OK 4.2 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/jquery-migrate.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (11126)
Hash 0d5bb2a36d1fc2e095235bc201eb5579
98f0154e2ed5322a9f65077f954868d6c800b337
fe6382620c35c12aa4f3f96fe395e5813defe330c1d95fd3de1e94f8f5d1f0a5
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/jquery-migrate.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:12 GMT
ETag: W/"632a3288-2bd8"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vj9L2V3unrVdKHXBxUy4EOp5prwmKu%2FwE4tL2dqP1tkaHj4ixnQmdyRh4TTID5SLDac06uZcW%2BYHVYFAiaPro4pCp08Fj4nzxkO6m2Xg2rz6mR7%2BJY14yxMzOBpzV3ze8CiVt6fn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2fdb43b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/jquery.bind-first-0.2.3.min.js
172.67.134.59200 OK 691 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/jquery.bind-first-0.2.3.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (1146)
Hash f23b394fb0399373a0f11feacefca734
933b8403b8e7d601e9cf7ae08359d0389784675d
13e90c9e8fbcb9e345f05c98ce1a8847dc0663cf02ef003a962cf7a983a43d2a
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/jquery.bind-first-0.2.3.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:12 GMT
ETag: W/"632a3288-525"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0wm5jdYYKb8%2FsU5znq6Hd1Z%2BO%2B2vJftD3WR0%2FUHDizmN8SXA50FoD6RDv5F7ex2%2BQeQ0JQVSXfvrXX9%2BgY25mEmAHrNB%2Furg3l7Fm7YAfUmeM8f88wH81vQ5HXUkYnvca3Be38QR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c302af7b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/js.cookie-2.1.3.min.js
172.67.134.59200 OK 869 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/js.cookie-2.1.3.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (1709), with no line terminators
Hash 26a96c3ee576726a849adece9131100d
04c0b1daac7ea93718df250a7fca4ace3fe1b0e7
7504f9aeaed0f4f24b5d68e2fcd9ab2bf19c2ef80a151b6399252ac4c6cc2e36
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/js.cookie-2.1.3.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:56 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:14 GMT
ETag: W/"632a328a-6ad"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BG0FfkW5tZ5EU5maNNWlKiWLg%2F9E09flj%2BcxAnIlbA2PadGW1Tu53h2y8lFR%2BMCTl0I5SAAkCsiaC%2F0g5htegXFx2IteKqQG573SXscEIxMeTzoDn%2Fy8vMr6UXx1jKPATsCEE7pm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c3049570b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/bootstrap.min.css
172.67.134.59200 OK 20 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/bootstrap.min.css
IP 172.67.134.59:0
File type ASCII text, with very long lines (65371)
Hash 989805476e91c69067f09b5cd302a063
b304cca15ecd1c8e0afca179ef50c970addf4f73
f90dedab7e9bc8eb19d5844b65263b6fe49bf3b1b4bc66a8c80b5194fb0faedf
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/bootstrap.min.css HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:36:55 GMT
ETag: W/"632a3277-1d9ac"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zjpYIQot3lbHzwIIaAdKJ26W%2Fc0JECsmHFkaxth9ZMMrCD8QN0O3PDOJFpxuBTN9HXwadVQBCnHTQma7fHLPaN0IPdM5OYouRiOSyCPlxVTWlAV2vlv7AeKJwTT%2BIaP%2By8sVspF4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2fae9c1bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/hotjar-1282132.js
172.67.134.59200 OK 2.3 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/hotjar-1282132.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (3790)
Hash c7f79f90dfc00c4db81536b7a4f3a05c
f5438d62a69251f1f3e6bce67934d29356cc993b
77fda3b197fbeaf0358f7e24a638dcae6b684144b56a45c66dccf5b532ae086a
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/hotjar-1282132.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:09 GMT
ETag: W/"632a3285-1221"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wH8uTcEMvZW12x6Que3k1WjbZ2vxTRQYWcHpg6m0lhS5Mdtx5so%2F96wXnTLARsdfciRbvPBRXzClTE6YkMXvgFEWryWq93pApFX1a5XphM%2BDhmmEVFlSluQTMNFF3OyeCAyDmyJQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c30cce6b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/jquery.min.js
172.67.134.59200 OK 31 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/jquery.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (65451)
Hash de51a7f2c2c244ceb7103216144f03dc
9545e4547e01b6fcabebdfa08c2d75089808fbee
10b58517301b7a47ed1354030c9b652a1d96259d24e1e1b4c4b1aa33b94682ee
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/jquery.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:13 GMT
ETag: W/"632a3289-15d98"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HM58Ll0vUZ682rvOE6mpg%2BbTiMvVAoBIahX%2F62HqwnrZd3yD3FcWhr0IEFW1D7yj0drEe%2BmvSRgRCQbcSkKrigkip1MaGKfG6AN3pjXYKn2HUwb541VIqtzE4h6%2FFMMfZ0zQHoE3"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c2fdb10b4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/public.js
172.67.134.59200 OK 13 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/public.js
IP 172.67.134.59:0
Hash 75375dac977a95b47addeb0f163faafa
575de150ed3eb7cc5a0f81dab0ef7051f6ceb8c2
45e4f9eabd33cdfaa02f5c4714c7817318a063f71466b7fc21d243714d475142
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/public.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:22 GMT
ETag: W/"632a3292-1417f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j3JSH335pzXcZrtxjZMV%2BEzeYzp4DdCc2X9gRqSu0Z9DtZJcx9iSiEwkkZ1CMDMccbRFqKq8CdiMZVvrREEM6f%2F2%2FqY2MO1T4r8lR8pYthfmUYNIeNUQD29CBrCrseR%2FyfVRl9nf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c308d3fb500-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/wp-embed.min.js
172.67.134.59200 OK 769 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/wp-embed.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (1391)
Hash 82e67f050afdb38c20ac6eb305f97c17
df1349df76d66a9cf64377cf335c67c337d85470
5f6c33116e2106cd0f2f28c16062f1d584e74b8539a14ed45e17957634d71b7e
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/wp-embed.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:28 GMT
ETag: W/"632a3298-592"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kYEjXzMfi%2FFmd5ty0iIktHa9OHwb1t0VptiMuVCARQ9qlrtdZi62OPx7x5pchjBTi%2FUk%2FhBcxuCh%2B42TmQr5iceLxDPyop2WKZTNjiCqCnypLSWOd%2BPZYjtodV7VZN7wdq%2BGjZnN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c311a6e0b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/animations.min.css
172.67.134.59200 OK 2.6 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/animations.min.css
IP 172.67.134.59:0
File type ASCII text, with very long lines (10019)
Hash 4c70bb5ced8549969c4fd5763e3ac298
20cb3c388b2e002b67b3d0f3b4be087b16d19976
f28829988ee5fda24ab97ab7f0a729e5d1a11a047c39f2947905f0d33ebc217f
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/animations.min.css HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:36:51 GMT
ETag: W/"632a3273-4824"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yo6hJlH%2BBCfBrTe5feqaK%2B8TTx21dPAN6%2BrpuBEGmoTaljYdJi4vTN8BYNHGhTO4gSvLGMKbVfL1nsh7X32cKVsp6KZuBvhyyhf8YpxswsA5b0RENxSHeMNIhAulcSizN5I9x667"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c310c1fb51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/main.js
172.67.134.59200 OK 17 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/main.js
IP 172.67.134.59:0
File type ASCII text, with no line terminators
Hash a932bc38777af90144148f9db9e3a6d6
1e5066d4bca2ce414111ee89b7aa4caf2564720e
8e9b2258b5383cd80acc415960b62c979d06f45af9ea4d59ee328ed76e8a69ab
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/main.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Content-Length: 17
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:14 GMT
ETag: "632a328a-11"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hqutJx%2Fqne01mcsFFWScBqCK9z4fgmGGHnsTYv83NlUVsp5D8uROq3712kC26dvZ84wdjNR3AxcAJnlaJODZI7Mca%2BxELPGdT5KIsqamFbAqLtoMpwGDuwmHNeacQz2KEe9yBtiU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c317da4b511-OSL
alt-svc: h2=":443"; ma=60
www.googletagmanager.com/gtag/js?id=UA-22484186-3&l=dataLayer&cx=c
142.250.74.168302 Found 279 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=UA-22484186-3&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 3345d55aa2a26a83a27b97bb6995c8fa
4649c20e5cd8a0f68eac5bffda0d2daf1a24c7fc
117fdcc93510d2b55da4a428e694cb2f5bc2ce97d55eff95f87f352b9082374e
GET /gtag/js?id=UA-22484186-3&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=UA-22484186-3&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 279
X-XSS-Protection: 0
go.barxbuddy-busyball.com/tracking/universalJSRequest.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&ffq=set|ff|flux_url|ff|http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_|ff|set|ff|flux_ref|ff||ff|set|ff|flux_f|ff|1547514574828824688|ff|set|ff|flux_inject|ff|%7B%22intoUrl%22%3Afalse%2C%22intoForms%22%3A%7B%22selector%22%3Anull%7D%2C%22intoLinks%22%3A%7B%22selector%22%3Anull%7D%2C%22tokens%22%3A%7B%7D%7D&frameId=_ffq_track_
172.67.190.237301 Moved Permanently 0 B URL HTTP/1.1 go.barxbuddy-busyball.com/tracking/universalJSRequest.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&ffq=set|ff|flux_url|ff|http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_|ff|set|ff|flux_ref|ff||ff|set|ff|flux_f|ff|1547514574828824688|ff|set|ff|flux_inject|ff|%7B%22intoUrl%22%3Afalse%2C%22intoForms%22%3A%7B%22selector%22%3Anull%7D%2C%22intoLinks%22%3A%7B%22selector%22%3Anull%7D%2C%22tokens%22%3A%7B%7D%7D&frameId=_ffq_track_
IP 172.67.190.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tracking/universalJSRequest.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&ffq=set|ff|flux_url|ff|http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_|ff|set|ff|flux_ref|ff||ff|set|ff|flux_f|ff|1547514574828824688|ff|set|ff|flux_inject|ff|%7B%22intoUrl%22%3Afalse%2C%22intoForms%22%3A%7B%22selector%22%3Anull%7D%2C%22intoLinks%22%3A%7B%22selector%22%3Anull%7D%2C%22tokens%22%3A%7B%7D%7D&frameId=_ffq_track_ HTTP/1.1
Host: go.barxbuddy-busyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 10 Oct 2022 15:23:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 10 Oct 2022 16:23:57 GMT
Location: https://go.barxbuddy-busyball.com/tracking/universalJSRequest.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&ffq=set|ff|flux_url|ff|http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_|ff|set|ff|flux_ref|ff||ff|set|ff|flux_f|ff|1547514574828824688|ff|set|ff|flux_inject|ff|%7B%22intoUrl%22%3Afalse%2C%22intoForms%22%3A%7B%22selector%22%3Anull%7D%2C%22intoLinks%22%3A%7B%22selector%22%3Anull%7D%2C%22tokens%22%3A%7B%7D%7D&frameId=_ffq_track_
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tHMVp14OC5rJWasFszlBGZgWeKjUTQnIZ2C0g8cX4FbwRq0UE0b018QiDeZlklx2HOlONfEdYkRIw2R%2BmyqVEBBg4atRAuNPtUT6Gff01zELndTLi93Jx91xuJAvrHS6Apc8jafNiEG%2B6voD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c325a89b4f4-OSL
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/webpack-pro.runtime.min.js
172.67.134.59200 OK 2.4 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/webpack-pro.runtime.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (5141)
Hash 22c64f0e109871be8b7abd98390abb2d
123615b09a6c03a94c09c9c86ee5c0abe8ebee6e
bd1136e0e1642361ae4608815564bc4248cd39ea9e2729be218fc0b2933d2515
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/webpack-pro.runtime.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:27 GMT
ETag: W/"632a3297-1440"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zRiZUXi4C8WrH4NgXry4Y%2BjrR37CtSfA79WB8jQpD5%2Fl0UKwZcrzxN2Yx0NxjKaZIjZ916f8tulWmbozepNMTgcxSoBFCHrPhmLWsGcBJ1AifwkAyenaebWwdOWQX39KsBIw%2FpgS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c31adfab4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/webpack.runtime.min.js
172.67.134.59200 OK 2.2 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/webpack.runtime.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (4918)
Hash 3080b214c7a96972c67a75895578632a
8033a9030a569ff2152b8bf5681753edb0c75561
daf37966c7b0293b89c7503e76d36797da0e5c846d3a39a29e1b5b7f0ad22489
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/webpack.runtime.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:28 GMT
ETag: W/"632a3298-135d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8LtKZUw9Ww7q6n7sUxM9L2CG4k0JJCsKzt4sMpVrp2GIPrGSep76B1Ui5RK5nE3d7xp%2FwlYcgoehqkdGM5Kh%2BujLJwkyt6Y0rIcIs6GBWtZefICajD4ih%2FYvp8YI%2Fd5yzNDC6iMQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c31f8ceb500-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.google-analytics.com/j/collect?v=1&_v=j96&a=1342407113&t=pageview&_s=1&dl=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&ul=en-us&de=UTF-8&dt=Home%20-%20BarxBuddy%20Busy%20Ball&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=KEBAAEABEAAAAC~&jid=2011015840&gjid=1142263913&cid=1509221363.1665415437&tid=UA-197636334-1&_gid=1751955552.1665415437&_r=1&_slc=1&z=1112612480
142.250.74.174200 OK 2 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j96&a=1342407113&t=pageview&_s=1&dl=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&ul=en-us&de=UTF-8&dt=Home%20-%20BarxBuddy%20Busy%20Ball&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=KEBAAEABEAAAAC~&jid=2011015840&gjid=1142263913&cid=1509221363.1665415437&tid=UA-197636334-1&_gid=1751955552.1665415437&_r=1&_slc=1&z=1112612480
IP 142.250.74.174:0
File type ASCII text, with no line terminators
Hash 38684612f0c6bb6dfa16da92f4a6878f
6fe62d0dd7db314b7f9bb945672f078e01d27f0f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
POST /j/collect?v=1&_v=j96&a=1342407113&t=pageview&_s=1&dl=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&ul=en-us&de=UTF-8&dt=Home%20-%20BarxBuddy%20Busy%20Ball&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=KEBAAEABEAAAAC~&jid=2011015840&gjid=1142263913&cid=1509221363.1665415437&tid=UA-197636334-1&_gid=1751955552.1665415437&_r=1&_slc=1&z=1112612480 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.warmsoft.sa.com
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://www.warmsoft.sa.com
date: Mon, 10 Oct 2022 15:23:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.warmsoft.sa.com/clicks/BarxBusyBall_files/bootstrap.min.js
172.67.134.59200 OK 9.8 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/bootstrap.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (32003)
Hash 58d37dee3da217a04a9928284dd6e09a
412d316bc6cc79694772c5a86405cac30b00e2d8
d38e60ffa16dcdc8904f412aa9a74d96d637ddd2eec98a338cff900fa9d5283c
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/bootstrap.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:36:55 GMT
ETag: W/"632a3277-9004"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ludgp6AoJmGSwHT9JEMEQLNeG%2FRL2fpIKd4UHHWDBLB6C%2FrF2GA5uLD4VfvS7yuZzRxrse6AqosjrpvbRihdFJmS89mUFChLfGOFi3vRLmxMzudugbkXhQGeJJ5uC368%2B%2BKeiVL7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c3148361bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 29a32d9388903ec730ac67b6b1f10269
6d54710f2bf0b284533005d8c783f3f15c9920af
cd03b8d5ae307fb1b3d976457c9762a743d5268ddd1f82c1fb5ae2fcd3e3d6d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.warmsoft.sa.com
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 06 Oct 2022 05:42:51 GMT
expires: Fri, 06 Oct 2023 05:42:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 380466
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.warmsoft.sa.com
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:34:08 GMT
expires: Thu, 05 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 416989
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.warmsoft.sa.com
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:34:08 GMT
expires: Thu, 05 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 416989
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 29a32d9388903ec730ac67b6b1f10269
6d54710f2bf0b284533005d8c783f3f15c9920af
cd03b8d5ae307fb1b3d976457c9762a743d5268ddd1f82c1fb5ae2fcd3e3d6d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.warmsoft.sa.com/clicks/BarxBusyBall_files/frontend-modules.min.js
172.67.134.59200 OK 11 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/frontend-modules.min.js
IP 172.67.134.59:0
File type Unicode text, UTF-8 text, with very long lines (32889)
Hash 34dfd3a702a8fef627e6a76ce3628333
d57617d6306ffea7aa0de32ddfb551d074ed956a
aeb67eba2e473afb02e9a2ec51f74e9432829736b09ef4114c186f7348435dfa
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/frontend-modules.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:03 GMT
ETag: W/"632a327f-80a1"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bjB2SBYL2Ts6Vg9iPHd2EL%2FKWsUwPW2NeWIwCsw58spdT2N6K8864McWEfvsHaWlA2YVYkP1TQ4%2B6IIpP9gvGEUbt4emkU95WufaEmu%2FQ9K%2FleyDabUEQ8vDlHSik1DcYyXowDa0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c320b780b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2
216.58.207.195200 OK 17 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 17368, version 1.0\012- data
Hash abe083d96b58eb02ada8b7c30d7b09f2
61447d66d13a8c8f4335696777a85c438c46f749
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9
GET /s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.warmsoft.sa.com
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17368
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:47:56 GMT
expires: Thu, 05 Oct 2023 19:47:56 GMT
cache-control: public, max-age=31536000
age: 416161
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 29a32d9388903ec730ac67b6b1f10269
6d54710f2bf0b284533005d8c783f3f15c9920af
cd03b8d5ae307fb1b3d976457c9762a743d5268ddd1f82c1fb5ae2fcd3e3d6d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
216.58.207.195200 OK 48 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 47952, version 1.0\012- data
Hash 17b406b7b8caa297435fa358e194f5a1
e2132f0e97781af56fa966c0fabb49132f2af203
84161c46238fff2c6920ebc28f02cddd7b710cf3d1107853f540b084320f6afd
GET /s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.warmsoft.sa.com
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47952
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 03 Oct 2022 18:59:14 GMT
expires: Tue, 03 Oct 2023 18:59:14 GMT
cache-control: public, max-age=31536000
age: 591883
last-modified: Mon, 15 Aug 2022 18:22:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15752, version 1.0\012- data
Hash b20371a6daf29d4a1f2e85dbbf40fb20
0355a01c1ccb45cb728e7e07c41c8ebf456f70bb
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.warmsoft.sa.com
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:40:23 GMT
expires: Thu, 05 Oct 2023 19:40:23 GMT
cache-control: public, max-age=31536000
age: 416614
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.warmsoft.sa.com/clicks/BarxBusyBall_files/hooks.min.js
172.67.134.59200 OK 2.3 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/hooks.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (6944)
Hash 03540560694e212a77995c376f83921b
2132b73afc60c57cd03846b1cc9887af9f4a8cfe
d2e2120a70173503c5f249e650dae6432ea5cd1f8149a79663577738ff717d65
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/hooks.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:08 GMT
ETag: W/"632a3284-1b43"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BVZEEoAt1nsixg%2FaD2OdmucJqEXfRTdzt2%2BDURJyMcrVE1FGrTbEK9QsMkPtSpvNEsnoYMA7udRu27NDmV4tyl3rSlWb0lyHaLNE63MDIczH%2Bm%2FkUsD%2FcZ%2B0lfxOeurEKoo3rr12"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c325ec0b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 29a32d9388903ec730ac67b6b1f10269
6d54710f2bf0b284533005d8c783f3f15c9920af
cd03b8d5ae307fb1b3d976457c9762a743d5268ddd1f82c1fb5ae2fcd3e3d6d1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.warmsoft.sa.com/clicks/BarxBusyBall_files/i18n.min.js
172.67.134.59200 OK 3.9 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/i18n.min.js
IP 172.67.134.59:0
Hash 8a9cafdbf3d1486429ee2c11cad276d6
c3fd805962ed20863829cfa99f92374764548230
3dabc9317768a089b5ee35bcf593a64b0f8b675fda95d6a3fe359126322b514f
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/i18n.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:09 GMT
ETag: W/"632a3285-27d6"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jc20ZxHlh3X2BAEfsVe0ukbMk7A6vxt60yN2b%2BWNdYQ6zIYpWjqYYUGJh7vX0SdprJV1BivKyCsgo3Ztvx7N6FSC7KEVh1T1KW%2FIEIdvKGUt5XVXDGNXVTjTUnfKY5mka0dR08Q4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c328f02b4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/waypoints.min.js
172.67.134.59200 OK 3.0 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/waypoints.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (12198), with no line terminators
Hash c0db6d5c401074694c0330081ea8fffe
6a7474cbdd8d9f96165eb43a2d0e26840061a7fc
45cb1f190f039721a49a08310c0d932c469c9cb470786b34d6a904e20ffa8c93
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/waypoints.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:27 GMT
ETag: W/"632a3297-2fa6"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G11w5Yfrlol3zoq9SB3bjYFaQZCMx8RcAOJFWxGsvs7jp5XAj3X5GoSskkPH1DtbJuGfkEJHQ%2B2PlZzvbNntUPpeNMlmSZW6ZQ0iLVc7oUPFIe7j1IVzQQn58fsvXllT7e5XeUUo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c32b97b1bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/frontend.min_002.js
172.67.134.59200 OK 5.7 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/frontend.min_002.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (21374)
Hash 8074fd95a166a82ebca91755e25847f3
c12acecda79a93a2bbabebcb4fb1a7ad3f07ccc4
d6fb4f401ac29b037a5e6651b2b413b676aa165655b660689ce5c99a6d923a90
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/frontend.min_002.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:05 GMT
ETag: W/"632a3281-53a9"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dyFudlFonAhyEa16N98LaTgTegXkvnEulwOLVKmJwjVhwih3KWR8WOeLCK01xpDU%2BJOIidxiHll21qJrchGDHoAthCtSaS%2Bbf%2B8ZkLwH%2B27jTxYPgCceA7t7EkhkqWntNROnWPv6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c32a9dfb500-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/wp-polyfill.min.js
172.67.134.59200 OK 34 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/wp-polyfill.min.js
IP 172.67.134.59:0
File type Unicode text, UTF-8 text, with very long lines (34729), with NEL line terminators
Hash 7700052880938fe98594cdf1e2ba3054
ea7e60afdb107fda98f82f917b819eaee23ccb80
e142ee6e547fe3ed111e22f803b1c56adbb8a3b3355ac2984ef7d8b1bae70f5b
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/wp-polyfill.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:29 GMT
ETag: W/"632a3299-183ee"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TMsLMKiRJi%2Fo2aL1QC%2FBavi05o8NipCQYITy8bCu6MkcjwNsVie%2Fka9708MtIoiN5JLoplmdW6MDVe34W9AYA%2BE4OyyGIJ4MlTnzwYePj1W0aofg50Xzzl1tqmhva9aL4EC78bty"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c322db5b51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/core.min.js
172.67.134.59200 OK 6.9 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/core.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (7973)
Hash 97427162a3287e2a44e758b14839c6de
9b38ec9f301d54a3eb2ea1da12a5f1464e1a19b2
bd5550423958f5eba378c8fb77c628f67ecfbf654d1be7b54a3f2fb7183dbe20
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/core.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:36:56 GMT
ETag: W/"632a3278-5133"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CXbyrTyRqKW%2F7oub39RWg0du9S21P3kKrwykpULG9ugsrL03%2FJJRfGv7aYG9mX4Gmry%2B2uaBeXOv%2F23LcDSpBjICQgOJ251HGFoAjWB89ba2q2Mn9pC1euuC6s9oLoXiTa2cfwj0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c32fc660b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/dialog.min.js
172.67.134.59200 OK 3.4 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/dialog.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (10544)
Hash 1816af5b3ee327cd6a73773fdac161fb
8cd583eb2a709d5e67cd9afae3764791e6238339
1fa80d69fe6acdcf2a119d33cd7521b43b0a0e0b776e1f9284d5df29dcd98f4c
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/dialog.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:36:57 GMT
ETag: W/"632a3279-29ba"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OpdjfUwa2ZdaD2yBcPr7fewnkzgQIJ5IyIiYyA1z4KmxMmbyNa%2Bz6RfZnNvqjPoq10qhSaqrIHXp39NdU3nn%2Be8C8yZQ2suXiGWD87KD50QQUBMryk0bC1UwPW8roIMs2KfAJay%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c337a421bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 555 B IP 142.250.74.3:0
Hash 05d77c4fe173cf548507679e2de549be
7b945903d7737ec51ebd9e9c44a2ec387f7a2869
be2c6def023d6dd4c8bf0269b7c71c6b74276ed7a3fc8a7080bd9a3db567fb36
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.warmsoft.sa.com/clicks/BarxBusyBall_files/share-link.min.js
172.67.134.59200 OK 1.1 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/share-link.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (2620), with no line terminators
Hash 04137bf1c2687485f57ecf53a3d1f9da
2e441c6f91e26322802ac93a57b18dc58dc745cc
de19aff59e33bd5997352345f978568eb24971ce0aac1f3842b981049f224855
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/share-link.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:22 GMT
ETag: W/"632a3292-a3c"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6MFF5D04FC61zbzlYMYOLwLKvjjU4Wirj1W9%2BIBqXaVxx3OSI35GSza%2BjnIY8pxFz6OQPVZ6XiKAFVv1jIJImZzqO7CnMzBThbPhH6imM3oQ5VTJiHsonOAu7tueK7916pXV1ymi"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c337823b4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-22484186-3&cid=1509221363.1665415437&jid=44577113&gjid=766834551&_gid=1751955552.1665415437&_u=aEDAAUABEAAAAC~&z=659815550
173.194.73.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-22484186-3&cid=1509221363.1665415437&jid=44577113&gjid=766834551&_gid=1751955552.1665415437&_u=aEDAAUABEAAAAC~&z=659815550
IP 173.194.73.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-22484186-3&cid=1509221363.1665415437&jid=44577113&gjid=766834551&_gid=1751955552.1665415437&_u=aEDAAUABEAAAAC~&z=659815550 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.warmsoft.sa.com
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://www.warmsoft.sa.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 10 Oct 2022 15:23:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 55429dd512d3e72adc0792b5e941d914
affb6ecf685702a7e652d81bef23fdb03515709f
46efa31a4d653d84c6b1c9156c248b92032a5a4305fad19857d9ed6183b16251
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.warmsoft.sa.com/clicks/BarxBusyBall_files/swiper.min.js
172.67.134.59200 OK 35 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/swiper.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (65280)
Hash c52f5df023eba51e4ec35d3b781c9720
9e6368361ed9627ee355654b6a709212960dcaf8
099f87704891ccf1300cf3ce4bd3af8a217540e8412d89b9228f6b9eeb084a01
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/swiper.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:26 GMT
ETag: W/"632a3296-21f91"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BQiae5p%2FDPKxUPryX0HLRlTguWUSNiQ9dsOLEyrrCcGwzjcO4hkGf%2BqKu1XYmAO79KVRN51HTsZnhpT9%2FwvFvznvNaWALx3%2BgOWVlv3Z%2Fq3tNn0IDQ5Sv3l5ljFCXG1rTUdZWpY1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c332837b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/frontend.min.js
172.67.134.59200 OK 12 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/frontend.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (40463)
Hash 329471be076fb60c9e9e8785b0f590f0
9db1b243ccc73bab68d1652f4d3e9e743ad3f72e
9d5481690292d36853154bf8d572dbbff17261b54e17c88431d993d6e2922cbc
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/frontend.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:04 GMT
ETag: W/"632a3280-9e36"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YHdxNUC%2BE5SBAz%2BfSEU%2BUiV9OCaR9e14tJV2qySRkn6woGF%2FniVxUjIYWnWCj%2BGuJVdK2F6ACbfvZ7Vrt7i6Z7o0xtvkV2sEDeMrungS9iOjUBfDVtYRo6IgfpS%2FRyQ%2FpZ1d4gCE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c338b71b500-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/fonts/eicons.woff2?5.16.0
172.67.134.59404 Not Found 153 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/fonts/eicons.woff2?5.16.0
IP 172.67.134.59:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 706a98254456810d3e849c3957af9d01
e461d072a6ba8f0082d6f187eba7f053343529c6
8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/fonts/eicons.woff2?5.16.0 HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall_files/elementor-icons.min.css
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1
HTTP/1.1 404 Not Found
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DBUjSlHu4g6Nx%2B9biKEk60xIjkoLRSt5hZ%2BG6ScocXUdqYO4oUOND7%2FWiXfe65vOQRmlM40hj%2BX81Oq2vicegiuwT619Wect7OyuRGN65MpbHT4eSPmlUsZPuFv81XE0EMHaGXbT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c34394eb4ed-OSL
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/jquery.sticky.min.js
172.67.134.59200 OK 1.6 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/jquery.sticky.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (3703)
Hash f81fd6ca08a44fe13ee107c0298ad600
5e87769c1fee743ddf6624948928851103e4671c
c9d4a0ce00dc8f6e46852042450a0fdfdabd4900f97f29c16163cc30e06a5b71
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/jquery.sticky.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:13 GMT
ETag: W/"632a3289-e78"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ymFezm4og1BVZBX4qDd3SbE7a5%2F1UppMk0GdEYORoevvyKX3SGqtCFUInOR8zaTfZ9YTHzgeibJzMrO4%2BFJycNsRGm1gbo6KfrzWmH2OWZJSN%2Fd9SOIbagoAFCQbCYFyLJr4CQN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c342aef1bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/preloaded-elements-handlers.min.js
172.67.134.59200 OK 31 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/preloaded-elements-handlers.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (65493)
Hash 3192fe4695c7d72bad352969820565cd
77d149d57900a2aaa799dc487b998944fd6c7db6
e189adca89a4af08f25bc791e476587c6aa331ae86a7f634aa0d384bed0ab85f
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/preloaded-elements-handlers.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:21 GMT
ETag: W/"632a3291-20de6"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0G3QkA%2F0QgP0Ed7q44lXqThpEQTHDCcJP4cs8QtspCv%2FFqWMHwwYOyLQNVZm3PR4EOPEkEcCIT9CSh7vDEK4%2BwIWLpuWxCgTSwYGHCRlL%2BuPQH2%2B0pWU4evek9z7y87Hpsk6CWEj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c339ffab51b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/preloaded-modules.min.js
172.67.134.59200 OK 13 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/preloaded-modules.min.js
IP 172.67.134.59:0
File type ASCII text, with very long lines (43101)
Hash 161f6b6d7f9cd000afe9c8dbbfa3173e
1f2b235e36c2006fc349b8abf2bab883c9b9edde
49946dbb50ce76b8a61136e134d71baafb6958ca3404ea07147dba68223256b1
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/preloaded-modules.min.js HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:21 GMT
ETag: W/"632a3291-a884"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UE2kQQwc1Q0GcGCT9YfiaLjtg%2B%2BtAA7MycYLGCzo%2BMOA9hFaOS7F57xW03fDtefKjXqFyHlo0wVhdk2k2fkdLIImLq0VL7vN4%2FXQHnlsLoxHhtr47Jf4SP7Dg1U73leteyw8AlOy"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c33fd500b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/webfonts/fa-brands-400.woff2
172.67.134.59404 Not Found 153 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/webfonts/fa-brands-400.woff2
IP 172.67.134.59:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 706a98254456810d3e849c3957af9d01
e461d072a6ba8f0082d6f187eba7f053343529c6
8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall_files/brands.min.css
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1
HTTP/1.1 404 Not Found
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BgI0XBUiGr7hrVcuiHBOqAgTi7Ekp%2F2O1SmHxG%2BQNclll3GRrJ3VypsftpoiQHUTLbW1dVDZeJh02rxjAQBYRgHOaJ%2B9WuX0SpVkvfsMnIZxhEh3DzShpmgGz31hGOB5CzEZiHWH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c34caa0b511-OSL
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/webfonts/fa-solid-900.woff2
172.67.134.59404 Not Found 153 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/webfonts/fa-solid-900.woff2
IP 172.67.134.59:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 706a98254456810d3e849c3957af9d01
e461d072a6ba8f0082d6f187eba7f053343529c6
8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall_files/solid.min.css
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1
HTTP/1.1 404 Not Found
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lqmzGD6qyRQaai%2FIM9kT2y9%2BQBkw6kV5NWr9n95Tp4xjqngJlNnEGLTVbjxSunOd%2B4YObu0AUQeJ7bp9hl7Xb18Yw8KT5DBXsPJKFTx8M5vy3B4Zf33I0nDhZYVzspFqb5OO2kU5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c34cd77b500-OSL
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/fonts/eicons.woff?5.16.0
172.67.134.59404 Not Found 153 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/fonts/eicons.woff?5.16.0
IP 172.67.134.59:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 706a98254456810d3e849c3957af9d01
e461d072a6ba8f0082d6f187eba7f053343529c6
8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/fonts/eicons.woff?5.16.0 HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall_files/elementor-icons.min.css
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1; _gat_gtag_UA_22484186_3=1
HTTP/1.1 404 Not Found
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aTvbVOhgvLFC%2Fro%2FwDI6Je%2B6%2BqhquTZemq1gXo41o%2B%2FuKbBeW%2B7fOdwV%2Fm68oB%2Bf4OA%2B0RX3U5k5WQ4E%2BTqrQ6hulzilMFdfCFt4PcbKykERhqzdqVfvQip1qvHmEd8FXwcM2CPJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c350c091bfa-OSL
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/universalJSRequest.htm
172.67.134.59200 OK 661 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/universalJSRequest.htm
IP 172.67.134.59:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1090), with CRLF line terminators
Hash bd38cf171f669990f149613e6c670f32
c9041934b6f3cc06c5632c01448f28da0ea96abf
1ccc1307b22fee047d7f8f78a94a99a526eff20aac7456244a80202b91636aa6
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/universalJSRequest.htm HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:26 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C%2BBcm%2Fm25vzVKsgTyeEEXdP8FdaGOKawWvJ6s%2FFKSukFfm6umupP6ORsZJvneKTvBYWM4HR%2FB%2BetrWWsToN4SNhiVKXeNRiw6goqTFaTyYMUBlFKD5WNiRUlyX6CZe40YBH0Vmt6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75805c34ea65b4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/star-1.png
172.67.134.59200 OK 1.7 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/star-1.png
IP 172.67.134.59:0
File type PNG image data, 200 x 40, 8-bit colormap, non-interlaced\012- data
Hash 3acd96edd2f2f2773e229e1f80461688
44b2adde2b2aeb6092d282b017dbfd21919e78cd
c89a9b248c391aca5a38d7d7275c5a14c824d58a2ce580d009ab8dbc4ec3b0c5
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/star-1.png HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: image/png
Content-Length: 1650
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:25 GMT
ETag: "632a3295-672"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kqffe9HkaglGWl%2FTC1AmzRNb%2BbftCqJ5ibQwEDXtyBPgxsGSHOEE3cNHOwfZwrwk9nnIvBjCkNemh6z0xeQco%2BA4Kq3bAobb7pBLHxyRuAcQUSRpq4gISnW5HRYrFYDStE5uMxwo"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c352ed00b65-OSL
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/webfonts/fa-brands-400.woff
172.67.134.59404 Not Found 153 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/webfonts/fa-brands-400.woff
IP 172.67.134.59:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 706a98254456810d3e849c3957af9d01
e461d072a6ba8f0082d6f187eba7f053343529c6
8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/webfonts/fa-brands-400.woff HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall_files/brands.min.css
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1; _gat_gtag_UA_22484186_3=1
HTTP/1.1 404 Not Found
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n8VK60deRDM05vMjmAEtzpFjmomQK888HBmiwlRyHQ9N4TOx%2BSl%2B%2F0cG9i1xOsOfrab3ez0PSePEN5A7zwnL702PdZu8%2BHBJkKpHOS5SeKpCv1BHC%2FE%2BQ%2FBcxTzF7vQmqRIDOK6N"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c356c781bfa-OSL
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/h-logo.png
172.67.134.59200 OK 17 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/h-logo.png
IP 172.67.134.59:0
File type PNG image data, 364 x 95, 8-bit/color RGBA, non-interlaced\012- data
Hash 215db7d61345c483e47e26954cc90171
5bf5b6255a3965453dfdeb289326e27b75d51920
cfb755f03da045604bed70578f66f61b410a16ee211ff1eb8530a53f71669bcd
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/h-logo.png HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: image/png
Content-Length: 17332
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:08 GMT
ETag: "632a3284-43b4"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BR7O7WCfu0CwsrgRTbDNMwtPPAzZBgYYvVWLsv0OSpaaZ8GMYe3Z5lrBnj6l3YlpWbDz0onnpVgMuqzl44AhBWOiygHkVk2yRLpyui2tWwmw7yznFZ9MLu6ANzFjNgTH%2Flkfshqp"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c3509ecb51b-OSL
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/webfonts/fa-solid-900.woff
172.67.134.59404 Not Found 153 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/webfonts/fa-solid-900.woff
IP 172.67.134.59:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 706a98254456810d3e849c3957af9d01
e461d072a6ba8f0082d6f187eba7f053343529c6
8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/webfonts/fa-solid-900.woff HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall_files/solid.min.css
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1; _gat_gtag_UA_22484186_3=1
HTTP/1.1 404 Not Found
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cREG7yQiGJ82MRgmZXXKYngaS0%2Bp5NCR4eXyRUhtl%2FRa1avoE%2BfXd3P6UVzhnN%2B1tfgF3XhZ1%2BrKwiCG4iviMhwrebZx2H7vnPPGOYLdbw6qYH7HpPr%2FTUXooRdypksqfhifPewa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c35cbf3b4ed-OSL
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/9.png
172.67.134.59200 OK 16 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/9.png
IP 172.67.134.59:0
File type PNG image data, 99 x 99, 8-bit/color RGBA, non-interlaced\012- data
Hash 3aac065009b5122410847ea8c22cd48d
adf6ba08fad5046d765104ed5e2ef5f715b92053
1723e02494a6822228851fefd4b9e1d08b43008337b2d08c7d29f5a963b93b4c
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/9.png HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: image/png
Content-Length: 16011
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:36:50 GMT
ETag: "632a3272-3e8b"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cjq0En0Bp7iDORjXlYrxoW3hwNm9sZ4tl%2BzAjQUS%2FKg4Ig9qlAmtRf3JSEMDpVTR%2F%2BX594CvoA1WvnSi4UfApWQir5A0YX%2FDKhO2UMebrS8oanqPayfHyg9ttUbwMaJHEY7z%2FbSC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c353b21b511-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f97cde01f1afd5ed30319169445ec773
1cb25a8da62cdf1f9ab1b2b35d03163037691b33
1db2f13247d84bbebf5221ac7429e9367ee92aa1148b4aa879751e1944766406
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DB2F13247D84BBEBF5221AC7429E9367EE92AA1148B4AA879751E1944766406"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13709
Expires: Mon, 10 Oct 2022 19:12:26 GMT
Date: Mon, 10 Oct 2022 15:23:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f97cde01f1afd5ed30319169445ec773
1cb25a8da62cdf1f9ab1b2b35d03163037691b33
1db2f13247d84bbebf5221ac7429e9367ee92aa1148b4aa879751e1944766406
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DB2F13247D84BBEBF5221AC7429E9367EE92AA1148B4AA879751E1944766406"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13709
Expires: Mon, 10 Oct 2022 19:12:26 GMT
Date: Mon, 10 Oct 2022 15:23:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f97cde01f1afd5ed30319169445ec773
1cb25a8da62cdf1f9ab1b2b35d03163037691b33
1db2f13247d84bbebf5221ac7429e9367ee92aa1148b4aa879751e1944766406
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DB2F13247D84BBEBF5221AC7429E9367EE92AA1148B4AA879751E1944766406"
Last-Modified: Mon, 10 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13709
Expires: Mon, 10 Oct 2022 19:12:26 GMT
Date: Mon, 10 Oct 2022 15:23:57 GMT
Connection: keep-alive
www.warmsoft.sa.com/clicks/BarxBusyBall_files/blank.htm
172.67.134.59200 OK 548 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/blank.htm
IP 172.67.134.59:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1254), with CRLF line terminators
Hash cd64b4aeec0a8560c0d6527312e2c806
3b84cb918c9cf6a06d81b2aee07f5fec52ec6878
7dc0902142b34ea216d209ad68f58687c2190ebb974b2f540f61cc64b2b22ef4
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/blank.htm HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1; _gat_gtag_UA_22484186_3=1
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:36:54 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yLxVTIUgDlT%2Fm2qzvg31HeU0Ah9jEAU1g10SCRowjfBUUroB4xyi0OR9tKtrkbFDdyM55kJGX9P4XGrQrIC8ZDq%2B0eF4rIOhTk7PvWh2EiAY7pLGhEcnUuVCsnzIK7XS7iGqG3O4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75805c35ff9d0b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d3fa05a-2c1d-4a1d-9d91-bc70cb4e4ee5.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d3fa05a-2c1d-4a1d-9d91-bc70cb4e4ee5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a09bd7160451852652bccbcbcdcbd527
f42137372ab3b592977b1b736c1b12fc5ed81bf6
568b1c7cbe260d05919ff7232855441f70bf048c32380d8c0b848aa80a1696c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d3fa05a-2c1d-4a1d-9d91-bc70cb4e4ee5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6923
x-amzn-requestid: 507e5591-c06e-4ee8-b567-a11b6c95024e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZwalRGFcoAMFslw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e21-5e5bf5026b2121931e035270;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:33:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EgQIb89afJS1uPY9ZUyDS_E7C_JQT8Scm3EC3K5OZKB2nE7wMx8PIw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:12:34 GMT
age: 61883
etag: "f42137372ab3b592977b1b736c1b12fc5ed81bf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fddaf1070-ebad-430c-b856-6b6704ae51dd.jpeg
34.120.237.76200 OK 6.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fddaf1070-ebad-430c-b856-6b6704ae51dd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7b2bd332e22751757c71b82b703f167e
5150043db72276380d5b265760112c05c233b873
18d961e14c5be703efce24f0e94ad4e046ad28b49325fdf22b5445fd24baf58d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fddaf1070-ebad-430c-b856-6b6704ae51dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6533
x-amzn-requestid: 56d11966-2442-410b-9c4f-eed2a3bf0d5d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZwatMEpwoAMF1aA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e54-50740bf0455199093d849abe;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:34:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: bF5vJ0uF9J5J9ZUQ1vteSfu3DVq2QxZEGFvRZKYMyGaCCZ3RU0Essg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 21:57:03 GMT
age: 62814
etag: "5150043db72276380d5b265760112c05c233b873"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe8b331e-bfda-41c1-ba28-37b8830016ea.jpeg
34.120.237.76200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe8b331e-bfda-41c1-ba28-37b8830016ea.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 49e54a4a59a61533078f561c32f254e3
6396e8bf68251d60f0c9949cb99b6f3f46b61d34
3dc5081efa3b7456e91eb8b437789246f7cbd4176b2042e6801dcbd5a145e83c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe8b331e-bfda-41c1-ba28-37b8830016ea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5282
x-amzn-requestid: 16029133-8119-4249-9447-f1d02ef00f76
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zj7n_GNtIAMFUlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633e3fcc-6b5982c06383d5182132d5c6;Sampled=0
x-amzn-remapped-date: Thu, 06 Oct 2022 02:39:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dc3qlfhgiv1MpP5aox0rAd24KDkiTRkyTjxtrPL01MpbnaVfZ7cmAA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 21:44:31 GMT
age: 63566
etag: "6396e8bf68251d60f0c9949cb99b6f3f46b61d34"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3c21914-dac1-455d-9533-b584e9bd6225.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3c21914-dac1-455d-9533-b584e9bd6225.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cefb9479bc2fe5087f9d2b89ef3cec2b
aa219f193812c6a2d0313316ce13fe74f1d468d0
a806ef995ed2285bd9f0d553df49aa28924e640805e1f50284baad1c0aec06bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3c21914-dac1-455d-9533-b584e9bd6225.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10113
x-amzn-requestid: 7a9800c5-81ed-4a23-bbe0-0041ab682856
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZwalQEPPoAMF3yA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e21-5a9bedb10c4f8c2c60ab3769;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:33:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MROeeTPtb6DfMHkig6fHcYuYiv1-udvJVfB1jygcDYLy4LuZmgRE_Q==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:24:52 GMT
age: 61145
etag: "aa219f193812c6a2d0313316ce13fe74f1d468d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b12fb41-30af-4093-a2e5-407e0dba7f9f.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b12fb41-30af-4093-a2e5-407e0dba7f9f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3cb1e1243af4405d2ddfc86ece266cff
bcd47a41fc6b0384c03fa00b8fa4a23805fa3b28
6df8b3b5420bad300304d14e8e18d65e4179a76d2f7e0a24bce23655318f49a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b12fb41-30af-4093-a2e5-407e0dba7f9f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8218
x-amzn-requestid: 694a656a-0f68-4d3a-a316-1da1ce908c11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZwatMFwzoAMF4Ew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e54-277be490531f4d3b4cf11540;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:34:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: bQ8XleDVmNo8uFPqs6hSr55SYWa4yF2R4nZ_oMnObdl3PlTGM7l7Dg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:02:57 GMT
etag: "bcd47a41fc6b0384c03fa00b8fa4a23805fa3b28"
content-type: image/jpeg
age: 62460
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6e9aa9808428e5fd81ac9d61d6f7c708
3a8d76badce50dd98938885082dcb6e30363ae88
d8f7c48a1cbe04af2f7e0455d1ef7af9b63506b9ae343ebf14ece8689bb06bf6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0583d755-2f5b-458f-86f0-774b9909eb6f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11800
x-amzn-requestid: 5f2ce4dd-0df8-4df7-a12d-e6fffd622752
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZnTQHGADIAMFXfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633f98cd-5044665325e5d64975c1ff0c;Sampled=0
x-amzn-remapped-date: Fri, 07 Oct 2022 03:11:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: LhwkinWopo6RX-yo5_35HWL9S2dGpdi7rAiwVWLxUicaHfHW3VF7DQ==
via: 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:22:12 GMT
age: 61305
etag: "3a8d76badce50dd98938885082dcb6e30363ae88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.warmsoft.sa.com/clicks/webfonts/fa-solid-900.ttf
172.67.134.59404 Not Found 116 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/webfonts/fa-solid-900.ttf
IP 172.67.134.59:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d6e62b966693d7822072903ae8310d00
2de307cf4db56a090d7633f2da9ce6d224f6ffb7
36bd7d3c61ddaa2cfd74438dfcc2552f527a5299abc17957073a05d4b1d5cecf
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/webfonts/fa-solid-900.ttf HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall_files/solid.min.css
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1; _gat_gtag_UA_22484186_3=1
HTTP/1.1 404 Not Found
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uHbdXJ6qsy9rRtTqA0j%2BqzOFc32bYhq%2BuDQoTKQMAmGPkWmSiRgIzj3%2FprdJ3EuwSlrn1E2JYpyQJ5ihI4W6jSBE5ZCaoS1t15%2FtW%2B5DGNNmH%2FRWQA%2FHqWaklFO6dVcAwqu%2BqVS0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c3698270b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/fonts/eicons.ttf?5.16.0
172.67.134.59404 Not Found 116 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/fonts/eicons.ttf?5.16.0
IP 172.67.134.59:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d6e62b966693d7822072903ae8310d00
2de307cf4db56a090d7633f2da9ce6d224f6ffb7
36bd7d3c61ddaa2cfd74438dfcc2552f527a5299abc17957073a05d4b1d5cecf
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/fonts/eicons.ttf?5.16.0 HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall_files/elementor-icons.min.css
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1; _gat_gtag_UA_22484186_3=1
HTTP/1.1 404 Not Found
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UD47SBOiMayi05woZ0E4Ynj9eYZobG6z6f7IduCJ8VGmC1c0UBUTzU6F7uh5NnlHbDLO75E5cHsLICWrKNPzCJCAG6qL8HzJX0C2ll38yN7qDjMeIx%2Fp8U122Am03Qqc%2Bd9dlUzI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c367ccdb4ed-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/webfonts/fa-brands-400.ttf
172.67.134.59404 Not Found 116 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/webfonts/fa-brands-400.ttf
IP 172.67.134.59:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d6e62b966693d7822072903ae8310d00
2de307cf4db56a090d7633f2da9ce6d224f6ffb7
36bd7d3c61ddaa2cfd74438dfcc2552f527a5299abc17957073a05d4b1d5cecf
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/webfonts/fa-brands-400.ttf HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall_files/brands.min.css
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1; _gat_gtag_UA_22484186_3=1
HTTP/1.1 404 Not Found
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IasMtcJfqCSoPEZABFei63LUJzfGibUh4rL9pTUBpSjRMOZjTN%2FkFOYSfpaZ9EawRGN1dPpywj5EJijGqFpr2vQgIirk2NzPQqsIWmLdn8eN1vMgTFMM5VUVES8Jw5RkOQao%2BFVa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c368d18b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/blank_data/inject.css
172.67.134.59200 OK 928 B URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/blank_data/inject.css
IP 172.67.134.59:0
File type ASCII text, with CRLF line terminators
Hash e1c22e631b7cce42e3ef13cd9bb02ff5
6c6c2b15c56e776d9eac10babf3a6c4a2bd964ae
93950a736308fe62073a44a76b8ec05b9a651062f6ecee4782059d0718aab6dc
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/blank_data/inject.css HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall_files/blank.htm
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1; _gat_gtag_UA_22484186_3=1
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:34 GMT
ETag: W/"632a329e-f28"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JrZo90UigZxQkWeCbEs1jWBPqWcSDrnK%2FQ2yKW3WQu19fN%2Bc%2F6x%2BabqQLnazhLOLV1mM9RhjRUb7GM%2BTXjm%2BgHazosJj%2FOpH8wgQvFBxwgge82OupGgGf85ehI%2FO0D%2BM7bKzzbff"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c36f87c0b65-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/2-2.jpg
172.67.134.59200 OK 212 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/2-2.jpg
IP 172.67.134.59:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=6, manufacturer=BeFunky, orientation=upper-left, xresolution=94, yresolution=102, resolutionunit=2, software=BeFunky Photo Editor], baseline, precision 8, 900x599, components 3\012- data
Size 212 kB (212218 bytes)
Hash e47f60e441e6c6221e56096ae0191517
8a31f128d03dc5c0ef89d11516e972f9d2e91c41
35df81c9bdefe4a0ca20de946a481117c914bfcdb77cb431484fadfb8e61d6bb
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/2-2.jpg HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: image/jpeg
Content-Length: 212218
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:36:40 GMT
ETag: "632a3268-33cfa"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eiprrPuyXUtDpanziCmCTCfA5PVnuD%2FZR48oICvfhyLI8oCxTIdoLAk5k8v29EZ8iqh3J6Kj8Y3whsI6nLIs%2BHuZjhhGGX12e52WSc1g%2BwP56%2FfRzpbqPnfQhWwjn6Vkzy8DQPMJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c35fcdd1bfa-OSL
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/download.png
172.67.134.59200 OK 1.2 MB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/download.png
IP 172.67.134.59:0
File type PNG image data, 1015 x 1015, 8-bit/color RGBA, non-interlaced\012- data
Size 1.2 MB (1158119 bytes)
Hash f0d41ae842748c4a9d7f68bd32e3f9b4
e1bb6386c35740f41ee7835af64c5cabd26a21e2
c466eb600c892017f3d7f4bbbe1b78e7bcc0df5d1be2187a45ca748e80dacc30
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/download.png HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:57 GMT
Content-Type: image/png
Content-Length: 1158119
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:37:00 GMT
ETag: "632a327c-11abe7"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Be5qb5DSbT8q9Fm2H2F78lO9z8nhLFL6qgzcBsa7FFrHsY1b%2BuDTOzXAwlem4ELCtd27i9d6mj4xJc1Q190nLKHGs%2F2cAPkcsY1OSm8VbQH3FD9SVfakAopguP6Mvg8pHgIvmOAm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c353e0bb500-OSL
alt-svc: h2=":443"; ma=60
www.warmsoft.sa.com/clicks/BarxBusyBall_files/ball.png
172.67.134.59200 OK 857 kB URL HTTP/1.1 www.warmsoft.sa.com/clicks/BarxBusyBall_files/ball.png
IP 172.67.134.59:0
File type PNG image data, 900 x 600, 8-bit/color RGBA, non-interlaced\012- data
Size 857 kB (857072 bytes)
Hash 64f0dde2fdf833d02527c4e7677abf03
d90bbcfc400dc6039a73d272c77d01b7fba88b07
057cc4996f1546d56346830ad2aaa0f771c8a652556d7fde3e1773e3a088001c
Analyzer Verdict Alert quad9 Sinkholed
GET /clicks/BarxBusyBall_files/ball.png HTTP/1.1
Host: www.warmsoft.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/clicks/BarxBusyBall.php?sid=996040&h=-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww/6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
Cookie: _ga=GA1.3.1509221363.1665415437; _gid=GA1.3.1751955552.1665415437; _gat=1
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:58 GMT
Content-Type: image/png
Content-Length: 857072
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2022 21:36:53 GMT
ETag: "632a3275-d13f0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PwH8npdfPB9dBkEEINH83rePo%2Fk%2BpAza%2B%2BLCknLNHAtF7fAkW2ngxkd7xqrjbvKwl15MciMd33v5eh%2Bfdfyea5MGbXL0KI6fc3SuK08lV%2B4POaWdI4YchQ9qVKfJl04gDO1WU6OX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75805c360b55b51b-OSL
alt-svc: h2=":443"; ma=60
amplify.outbrain.com/cp/obtp.js
23.38.201.81200 OK 3.5 kB URL HTTP/1.1 amplify.outbrain.com/cp/obtp.js
IP 23.38.201.81:0
File type ASCII text, with very long lines (8656), with no line terminators
Hash 6cff2cb49ee772adf066904fd18efd9a
8b876016198b0fc9862d2b6e29a80251c5422e72
85d26923c638ce50f36f7b69f9f50d2a6d6863abed574af143e24a14a343f9d2
GET /cp/obtp.js HTTP/1.1
Host: amplify.outbrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-javascript
ETag: "0d5508c59e34b5d35cde5aea2aa1c2fd:1665301953.026714"
Last-Modified: Sun, 09 Oct 2022 07:50:08 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=1200
Expires: Mon, 10 Oct 2022 15:43:58 GMT
Date: Mon, 10 Oct 2022 15:23:58 GMT
Content-Length: 3471
Connection: keep-alive
static.hotjar.com/c/hotjar-1282132.js?sv=5
108.157.229.95301 Moved Permanently 167 B URL HTTP/1.1 static.hotjar.com/c/hotjar-1282132.js?sv=5
IP 108.157.229.95:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d
GET /c/hotjar-1282132.js?sv=5 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Mon, 10 Oct 2022 15:23:58 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://static.hotjar.com/c/hotjar-1282132.js?sv=5
X-Cache: Redirect from cloudfront
Via: 1.1 d009c4305a73ef1e26138117423d6076.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: bmoxV5R1RdiXsJgj7bwx_YJwdhJ2u2pVbFLZ9yUGqsl-fzRLfgR_RA==
cdn.taboola.com/libtrc/unip/1169954/tfa.js
151.101.85.44200 OK 18 kB URL HTTP/1.1 cdn.taboola.com/libtrc/unip/1169954/tfa.js
IP 151.101.85.44:0
File type ASCII text, with very long lines (58494)
Hash d088422f9e173a7b86472c390a416ccf
ed99013efc0d92bb623b65ad4da6d8fcd2f014cd
fa120e86b86ddd64f5184da5f4897665ba0d7a8ae488cdfdf25c0ad40d6ec8d3
GET /libtrc/unip/1169954/tfa.js HTTP/1.1
Host: cdn.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 17951
x-amz-id-2: jUrxOifjiq/qJBqvKZ36wp65CCNF7fDzpjNjY5xFNeMavCSIAQdRI4j2qvcsIlxRra9C1Qw/aJ8=
x-amz-request-id: PCKMCQ3K8FE7KD0J
x-amz-replication-status: COMPLETED
Last-Modified: Sun, 09 Oct 2022 11:04:51 GMT
ETag: "0fd7bbe945022977b3bc93bf94bdb825"
x-amz-version-id: qEsYYOy7NTtOdHVxRGCvNqdE9O0rAdjP
Content-Type: application/javascript; charset=utf-8
Server: AmazonS3
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Mon, 10 Oct 2022 15:23:58 GMT
Via: 1.1 varnish
Age: 17999
X-Served-By: cache-bma1627-BMA
X-Cache: HIT
X-Cache-Hits: 2
X-Timer: S1665415438.235519,VS0,VE0
Cache-Control: private,max-age=14401
Vary: Accept-Encoding
abp: 83
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e963bf65f0652e6e8c9f77f03be54bc0
868fe4619de9678c51e53d45a429ed7f202c5b9b
9958542f5bace8c725fae916045825f86f9d832b16ee08b6d17d3262e157590b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4905
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:58 GMT
Last-Modified: Mon, 10 Oct 2022 14:02:13 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 67f3b94a0e4e21dd8b7686af075d0554
a336c7de6fe89885028407be920c5abadb503b1f
0071bc03310db98470d40073c0ba293ed17034cee235e221bdf483c0d8cce424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash e1327a02d76346c7e23d114e4e508b30
195b8ad875ab8f7a7adf735f1f70aa02b3a2e1a3
331e67b451c6559915b12ab2df810ccdba73b3971c5301b2010b54dd6d391de2
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: Vw4UfMXixCKFdMBlAfMmjkoEIxAiJo9XqECUysnTH78Vmf/+5z0ZThaE2CBWOvkQlgTgRjKEv9tugGgm2X2mDA==
content-length: 26840
x-fb-trip-id: 1904183273
date: Mon, 10 Oct 2022 15:23:58 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 630d2d1f4572fc2d78b1318b8a5c05d9
e88d0c31bc701e6620366a83dd337a89420a4215
73442de4417e1f83c5e82b0e281bf0e4144a0a25f8c59552a788932d5c47bde5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 67f3b94a0e4e21dd8b7686af075d0554
a336c7de6fe89885028407be920c5abadb503b1f
0071bc03310db98470d40073c0ba293ed17034cee235e221bdf483c0d8cce424
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-22484186-3&cid=1509221363.1665415437&jid=44577113&_u=aEDAAUABEAAAAC~&z=776164657
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-22484186-3&cid=1509221363.1665415437&jid=44577113&_u=aEDAAUABEAAAAC~&z=776164657
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-22484186-3&cid=1509221363.1665415437&jid=44577113&_u=aEDAAUABEAAAAC~&z=776164657 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 10 Oct 2022 15:23:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/conversion_async.js
142.250.74.164200 OK 15 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1654)
Hash 8766c5a801f08afceca9b66ff9097e6a
ce7640d1d166eddeb9d40be642ec34652f790713
f448f99b4ad9a9b50daa9c38054cf16ab2b9fcb5d83ddad60571fb6a8a432a99
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 10 Oct 2022 15:23:58 GMT
expires: Mon, 10 Oct 2022 15:23:58 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 17557423932572341828
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15187
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e963bf65f0652e6e8c9f77f03be54bc0
868fe4619de9678c51e53d45a429ed7f202c5b9b
9958542f5bace8c725fae916045825f86f9d832b16ee08b6d17d3262e157590b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4905
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:58 GMT
Last-Modified: Mon, 10 Oct 2022 14:02:13 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-22484186-3&cid=1509221363.1665415437&jid=44577113&_u=aEDAAUABEAAAAC~&z=776164657
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-22484186-3&cid=1509221363.1665415437&jid=44577113&_u=aEDAAUABEAAAAC~&z=776164657
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-22484186-3&cid=1509221363.1665415437&jid=44577113&_u=aEDAAUABEAAAAC~&z=776164657 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 10 Oct 2022 15:23:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash dd948efc72c1cdc7fa4f691d9db79692
8dc8599f9b1ba1274b3f89e0ed5e331ba758b2b8
d04382223f7d4b784af062d0a88fb70e96fdeab51d1e21d23a59212c5c9853ed
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5855dca2f41651669a3211635c24ce5a
3f17ede289a3ac814e80a0acefbcd97246ab51de
ca400e5e49929039d4382b1ce2defadc76d86b5756fac8dbaa6d237d5ef1699c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:23:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/730905238/?random=1665415438270&cv=9&fst=1665415438270&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9j0&sendb=1&ig=0&frm=0&url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&tiba=Home%20-%20BarxBuddy%20Busy%20Ball&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.207.194200 OK 1.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/730905238/?random=1665415438270&cv=9&fst=1665415438270&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9j0&sendb=1&ig=0&frm=0&url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&tiba=Home%20-%20BarxBuddy%20Busy%20Ball&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.207.194:0
File type ASCII text, with very long lines (2650), with no line terminators
Hash 3e48231df26ae6332bf32dbc8218291c
c8345eedbd4e0045d3158be08818691f3a067e48
877db4e237bd77762026582309a4d6516fcb69c24870305f8f92de0ac51e0b5d
GET /pagead/viewthroughconversion/730905238/?random=1665415438270&cv=9&fst=1665415438270&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9j0&sendb=1&ig=0&frm=0&url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&tiba=Home%20-%20BarxBuddy%20Busy%20Ball&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 10 Oct 2022 15:23:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1208
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 10-Oct-2022 15:38:58 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/730863180/?random=1665415438272&cv=9&fst=1665415438272&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9j0&sendb=1&ig=0&frm=0&url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&tiba=Home%20-%20BarxBuddy%20Busy%20Ball&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.207.194200 OK 1.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/730863180/?random=1665415438272&cv=9&fst=1665415438272&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9j0&sendb=1&ig=0&frm=0&url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&tiba=Home%20-%20BarxBuddy%20Busy%20Ball&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.207.194:0
File type ASCII text, with very long lines (2650), with no line terminators
Hash f3ea962267d336b158a27b0870368b87
e73bb13ace03dfe81f95d67a7a79f9d8b8bf32fe
3357d255decbe624c4a388fa8bdabc21dda8ecb204445b3e3afd1207149d0e99
GET /pagead/viewthroughconversion/730863180/?random=1665415438272&cv=9&fst=1665415438272&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9j0&sendb=1&ig=0&frm=0&url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&tiba=Home%20-%20BarxBuddy%20Busy%20Ball&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 10 Oct 2022 15:23:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1209
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 10-Oct-2022 15:38:58 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/730868448/?random=1665415438274&cv=9&fst=1665415438274&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9j0&sendb=1&ig=0&frm=0&url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&tiba=Home%20-%20BarxBuddy%20Busy%20Ball&hn=www.google.com&async=1&rfmt=3&fmt=4
216.58.207.194200 OK 1.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/730868448/?random=1665415438274&cv=9&fst=1665415438274&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9j0&sendb=1&ig=0&frm=0&url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&tiba=Home%20-%20BarxBuddy%20Busy%20Ball&hn=www.google.com&async=1&rfmt=3&fmt=4
IP 216.58.207.194:0
File type ASCII text, with very long lines (2650), with no line terminators
Hash 57fef62d27e9ce4e0d5c8a223f37d816
47370eda64fd86eab0c0d879eef23eeeb2d24ba0
b0fca7e7597966d535d7c2a9c6e314640828992473086e5d43d86dbc982a85b1
GET /pagead/viewthroughconversion/730868448/?random=1665415438274&cv=9&fst=1665415438274&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2wg9j0&sendb=1&ig=0&frm=0&url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&tiba=Home%20-%20BarxBuddy%20Busy%20Ball&hn=www.google.com&async=1&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 10 Oct 2022 15:23:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 1208
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 10-Oct-2022 15:38:58 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s.yimg.com/wi/config/10141746.json
188.125.94.206200 OK 46 B URL HTTP/2 s.yimg.com/wi/config/10141746.json
IP 188.125.94.206:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 30ed61bd14cb90ac9fc0b14709d892b8
3b8b6d3e092bedca36158e4144c384b9d97bb94e
c5d3efce28e1e4b610068a3bbced4986ea0281028cc3fef3458a4b9c241c1da3
GET /wi/config/10141746.json HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.warmsoft.sa.com
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: GzW69gQEyfH+xP6S+rPboEnZ88x+p2YX6eZhiYDNN9zK5Bbh5l0zq8OMWp2veM6VtunfI9Szn5M=
x-amz-request-id: P1BZWDA1X27NHHVR
date: Mon, 10 Oct 2022 15:23:59 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
last-modified: Wed, 13 Jul 2022 12:57:15 GMT
x-amz-expiration: expiry-date="Fri, 18 Aug 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
etag: "30ed61bd14cb90ac9fc0b14709d892b8"
x-amz-server-side-encryption: AES256
x-amz-version-id: rtrgFCJeOY7XeDJM.FhR8ZSfB9_GHv5M
accept-ranges: bytes
content-type: application/json
server: ATS
content-length: 46
referrer-policy: no-referrer-when-downgrade
age: 0
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
tr.outbrain.com/cachedClickId?marketerId=00efe76b38216f21fb23950db8e6453936
64.202.112.127200 OK 56 B URL HTTP/1.1 tr.outbrain.com/cachedClickId?marketerId=00efe76b38216f21fb23950db8e6453936
IP 64.202.112.127:0
File type ASCII text, with no line terminators
Hash 77fbe8ab311fa20557d95906363035ed
5806df80f09a37e070d5f37c49f19797c2763fd0
4fa9f4ca5bfa56b9f8467324e3654f4a717dcd40b70c05b538092d8a101b0599
GET /cachedClickId?marketerId=00efe76b38216f21fb23950db8e6453936 HTTP/1.1
Host: tr.outbrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:58 GMT
Content-Type: application/javascript
Content-Length: 56
X-TraceId: 598f8d7999eed80b2eec585eca88f4ef
content-encoding: gzip
tr.outbrain.com/unifiedPixel?marketerId=00efe76b38216f21fb23950db8e6453936&obApiVersion=1.1&obtpVersion=1.10.0&name=PAGE_VIEW&dl=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&optOut=false&bust=09436850402977243&referrer=
64.202.112.127200 OK 60 B URL HTTP/1.1 tr.outbrain.com/unifiedPixel?marketerId=00efe76b38216f21fb23950db8e6453936&obApiVersion=1.1&obtpVersion=1.10.0&name=PAGE_VIEW&dl=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&optOut=false&bust=09436850402977243&referrer=
IP 64.202.112.127:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash fb0fc5c090282e372b8bf8ff13ae3ee2
2de3834253ece606ce4d2a6f10a59654b6fa378b
90a8ffa59ad6227daafa10083d4cff2e9b295c9c82135b5f5cedd65b2e7c8ceb
GET /unifiedPixel?marketerId=00efe76b38216f21fb23950db8e6453936&obApiVersion=1.1&obtpVersion=1.10.0&name=PAGE_VIEW&dl=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&optOut=false&bust=09436850402977243&referrer= HTTP/1.1
Host: tr.outbrain.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
HTTP/1.1 200 OK
Date: Mon, 10 Oct 2022 15:23:58 GMT
Content-Type: image/gif;
Content-Length: 60
Cache-Control: no-cache
X-TraceId: 0466fc437b763a0ae21b75fbc4d61cac
content-encoding: gzip
sp.analytics.yahoo.com/sp.pl?a=10000&d=Mon%2C%2010%20Oct%202022%2015%3A23%3A58%20GMT&n=0&b=Home%20-%20BarxBuddy%20Busy%20Ball&.yp=10141746&f=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&enc=UTF-8&yv=1.13.0&tagmgr=gtm
212.82.100.181200 OK 43 B URL HTTP/2 sp.analytics.yahoo.com/sp.pl?a=10000&d=Mon%2C%2010%20Oct%202022%2015%3A23%3A58%20GMT&n=0&b=Home%20-%20BarxBuddy%20Busy%20Ball&.yp=10141746&f=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&enc=UTF-8&yv=1.13.0&tagmgr=gtm
IP 212.82.100.181:0
ASN #34010 Yahoo! UK Services Limited
File type GIF image data, version 89a, 1 x 1\012- data
Hash bff56ce49dd485d195fdfa0a02342568
74fb4071deab7d3ab083562067b735df32c43397
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
GET /sp.pl?a=10000&d=Mon%2C%2010%20Oct%202022%2015%3A23%3A58%20GMT&n=0&b=Home%20-%20BarxBuddy%20Busy%20Ball&.yp=10141746&f=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&enc=UTF-8&yv=1.13.0&tagmgr=gtm HTTP/1.1
Host: sp.analytics.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 10 Oct 2022 15:23:58 GMT
expires: Mon, 10 Oct 2022 15:23:58 GMT
pragma: no-cache
cache-control: no-cache, private, must-revalidate
content-type: image/gif
accept-ranges: bytes
content-length: 43
server: ATS
age: 0
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
set-cookie: A3=d=AQABBA45RGMCEGHtQGves4jX4bQzj6-pYVEFEgEBAQGKRWNOYwAAAAAA_eMAAA&S=AQAAApySB2aptjxVcPhV7Z5t6d4; Expires=Tue, 10 Oct 2023 21:23:58 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=2573418419437376&ev=PageView&dl=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&rl=&if=false&ts=1665415439433&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.2.1665415439429.83761335&it=1665415438260&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=2573418419437376&ev=PageView&dl=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&rl=&if=false&ts=1665415439433&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.2.1665415439429.83761335&it=1665415438260&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=2573418419437376&ev=PageView&dl=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_&rl=&if=false&ts=1665415439433&sw=1280&sh=1024&v=2.9.84&r=stable&ec=0&o=30&fbp=fb.2.1665415439429.83761335&it=1665415438260&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
date: Mon, 10 Oct 2022 15:23:59 GMT
X-Firefox-Spdy: h2
connect.facebook.net/signals/config/2573418419437376?v=2.9.84&r=stable
31.13.72.12200 OK 87 kB URL HTTP/2 connect.facebook.net/signals/config/2573418419437376?v=2.9.84&r=stable
IP 31.13.72.12:0
File type ASCII text, with very long lines (64471)
Hash c34262c40070a3301a4e81c3bc0817ca
929ff3310b41ba99c0d147272b9e93aff6746d40
c671e1a371d5a624470a4f1af03135f68197307e28c49e29dfc2aa46aa57f989
GET /signals/config/2573418419437376?v=2.9.84&r=stable HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: vITVHAm3LCs5t95HjwLK7yEC9RDC4UCjhDPH9YOHCiAKnc+N3wHjEM2Q90+7I5Wgh9DxlwXY6LJIozm66S8b2A==
priority: u=3,i
x-fb-trip-id: 1904183273
date: Mon, 10 Oct 2022 15:23:59 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
trc-events.taboola.com/1169954/log/3/unip?en=pre_d_eng_tb&tos=1577&scd=7&ssd=1&est=1665415438219&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1665415439798&vi=1665415438219&ri=318b7ee6a751488a9d515b93426500d9&ref=null&cv=20221006-24-RELEASE&item-url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/1169954/log/3/unip?en=pre_d_eng_tb&tos=1577&scd=7&ssd=1&est=1665415438219&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1665415439798&vi=1665415438219&ri=318b7ee6a751488a9d515b93426500d9&ref=null&cv=20221006-24-RELEASE&item-url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1169954/log/3/unip?en=pre_d_eng_tb&tos=1577&scd=7&ssd=1&est=1665415438219&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1665415439798&vi=1665415438219&ri=318b7ee6a751488a9d515b93426500d9&ref=null&cv=20221006-24-RELEASE&item-url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_ HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.warmsoft.sa.com
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Mon, 10 Oct 2022 15:24:00 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: http://www.warmsoft.sa.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
trc-events.taboola.com/1307114/log/3/unip?en=pre_d_eng_tb&tos=1578&scd=7&ssd=1&est=1665415438219&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1665415439799&vi=1665415438219&ri=23051ad936e46288aa617b40ea4f1ca3&ref=null&cv=20221006-24-RELEASE&item-url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/1307114/log/3/unip?en=pre_d_eng_tb&tos=1578&scd=7&ssd=1&est=1665415438219&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1665415439799&vi=1665415438219&ri=23051ad936e46288aa617b40ea4f1ca3&ref=null&cv=20221006-24-RELEASE&item-url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1307114/log/3/unip?en=pre_d_eng_tb&tos=1578&scd=7&ssd=1&est=1665415438219&ver=35&isls=true&src=i&invt=1500&rv=1&tim=1665415439799&vi=1665415438219&ri=23051ad936e46288aa617b40ea4f1ca3&ref=null&cv=20221006-24-RELEASE&item-url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_ HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.warmsoft.sa.com
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Mon, 10 Oct 2022 15:24:00 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: http://www.warmsoft.sa.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
trc-events.taboola.com/1169954/log/3/unip?en=pre_d_eng_tb&tos=4579&scd=7&ssd=1&est=1665415438219&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1665415442800&vi=1665415438219&ri=318b7ee6a751488a9d515b93426500d9&ref=null&cv=20221006-24-RELEASE&item-url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/1169954/log/3/unip?en=pre_d_eng_tb&tos=4579&scd=7&ssd=1&est=1665415438219&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1665415442800&vi=1665415438219&ri=318b7ee6a751488a9d515b93426500d9&ref=null&cv=20221006-24-RELEASE&item-url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1169954/log/3/unip?en=pre_d_eng_tb&tos=4579&scd=7&ssd=1&est=1665415438219&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1665415442800&vi=1665415438219&ri=318b7ee6a751488a9d515b93426500d9&ref=null&cv=20221006-24-RELEASE&item-url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_ HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.warmsoft.sa.com
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 10 Oct 2022 15:24:02 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: http://www.warmsoft.sa.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
trc-events.taboola.com/1307114/log/3/unip?en=pre_d_eng_tb&tos=4580&scd=7&ssd=1&est=1665415438219&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1665415442801&vi=1665415438219&ri=23051ad936e46288aa617b40ea4f1ca3&ref=null&cv=20221006-24-RELEASE&item-url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
141.226.228.48204 No Content 0 B URL HTTP/2 trc-events.taboola.com/1307114/log/3/unip?en=pre_d_eng_tb&tos=4580&scd=7&ssd=1&est=1665415438219&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1665415442801&vi=1665415438219&ri=23051ad936e46288aa617b40ea4f1ca3&ref=null&cv=20221006-24-RELEASE&item-url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_
IP 141.226.228.48:0
ASN #200478 Taboola.com ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1307114/log/3/unip?en=pre_d_eng_tb&tos=4580&scd=7&ssd=1&est=1665415438219&ver=35&isls=true&src=i&invt=3000&rv=1&tim=1665415442801&vi=1665415438219&ri=23051ad936e46288aa617b40ea4f1ca3&ref=null&cv=20221006-24-RELEASE&item-url=http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_ HTTP/1.1
Host: trc-events.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.warmsoft.sa.com
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 10 Oct 2022 15:24:02 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: http://www.warmsoft.sa.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a70c782-ab29-49bd-86a1-6c1f7c38fbc6.png
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a70c782-ab29-49bd-86a1-6c1f7c38fbc6.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0cb8976d18c6197dc99cd60d784f188b
2e6d5041aff56cc2313cc23438be450b6113f111
27b99d13f075013f66e3ca3d03074cc0b96bd6da63d094701c2f29e017362b8c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7a70c782-ab29-49bd-86a1-6c1f7c38fbc6.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 12292
x-amzn-requestid: d5129b2b-c513-4fa1-8b2c-9bda19870905
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZwatMF5goAMFXRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63433e54-360ad9352303c09b3b6c2dce;Sampled=0
x-amzn-remapped-date: Sun, 09 Oct 2022 21:34:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: moJJY-yrF8AGl9YHrQw-B2sUiGYAdUJERlssxR-i8UDb2r_SZpCfQw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 09 Oct 2022 22:30:38 GMT
age: 60806
etag: "2e6d5041aff56cc2313cc23438be450b6113f111"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.barxbuddy-busyball.com/wp-includes/js/wp-emoji-release.min.js?ver=5.7.7
104.21.76.64200 OK 0 B URL HTTP/2 www.barxbuddy-busyball.com/wp-includes/js/wp-emoji-release.min.js?ver=5.7.7
IP 104.21.76.64:0
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.7.7 HTTP/1.1
Host: www.barxbuddy-busyball.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 10 Oct 2022 15:23:56 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 21 May 2021 12:05:06 GMT
etag: W/"3795-5c2d5dee1af6c"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T4D%2BX1a8CyDbtho9CWkrEem0HzXNoD%2BOTly2GEUnnXHsdQkS%2FwHxRr9k95l40MHptHGgRJr38NRUTiLC%2FrAy7h0d1r%2FnNohQL02dcQMaTYIirXBV1Wg8iCvlKnDrSvNI4CRd6I5UtT6hkwmQtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75805c2ea9b2b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-1282132.js?sv=5
108.157.229.95200 OK 0 B URL HTTP/2 static.hotjar.com/c/hotjar-1282132.js?sv=5
IP 108.157.229.95:0
GET /c/hotjar-1282132.js?sv=5 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.warmsoft.sa.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Mon, 10 Oct 2022 15:23:58 GMT
cache-control: max-age=60
etag: W/d90c50bdfe05e0779ad158526786284b
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 f26fbc8f93ad20ccbbd480fccb1e6f88.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: yNCKEgERCbjh2GYEKLesh6niQa7DUiZVwJ31bUnT2nc93tXqNUIVIw==
X-Firefox-Spdy: h2
s.yimg.com/wi/ytc.js
188.125.94.206200 OK 0 B IP 188.125.94.206:0
GET /wi/ytc.js HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: nCROPH7whmOFQjV9I3CX9t4hab2VC4uM+U9dm5oNpAGLj+teIHw3AIyDRc/Ycttie+CvIDib3i8=
x-amz-request-id: 946MNQTH0H2MM8SD
date: Mon, 10 Oct 2022 15:21:23 GMT
last-modified: Tue, 14 Jun 2022 12:21:31 GMT
x-amz-expiration: expiry-date="Thu, 20 Jul 2023 00:00:00 GMT", rule-id="oath-standard-lifecycle"
etag: "6a624022b5d271dcefb070b0b6670abc-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=3600
x-amz-version-id: .QD3nDfK79S8_ikLSJXTL23Tdis9tg0C
accept-ranges: bytes
content-type: application/javascript
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
age: 156
content-encoding: gzip
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
trc.taboola.com/1169954/trc/3/json?tim=1665415438223&data=%7B%22id%22%3A684%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1665415438219%2C%22cv%22%3A%2220221006-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.barxbuddy-busyball.com%2F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dcodefunnels-network-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1665415438222%2C%22ref%22%3Anull%2C%22item-url%22%3A%22http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_%22%2C%22tos%22%3A2%2C%22ssd%22%3A1%2C%22scd%22%3A7%2C%22supv%22%3Atrue%7D%7D&pubit=i
151.101.85.44200 OK 0 B URL HTTP/2 trc.taboola.com/1169954/trc/3/json?tim=1665415438223&data=%7B%22id%22%3A684%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1665415438219%2C%22cv%22%3A%2220221006-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.barxbuddy-busyball.com%2F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dcodefunnels-network-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1665415438222%2C%22ref%22%3Anull%2C%22item-url%22%3A%22http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_%22%2C%22tos%22%3A2%2C%22ssd%22%3A1%2C%22scd%22%3A7%2C%22supv%22%3Atrue%7D%7D&pubit=i
IP 151.101.85.44:0
GET /1169954/trc/3/json?tim=1665415438223&data=%7B%22id%22%3A684%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1665415438219%2C%22cv%22%3A%2220221006-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.barxbuddy-busyball.com%2F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dcodefunnels-network-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1665415438222%2C%22ref%22%3Anull%2C%22item-url%22%3A%22http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_%22%2C%22tos%22%3A2%2C%22ssd%22%3A1%2C%22scd%22%3A7%2C%22supv%22%3Atrue%7D%7D&pubit=i HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Mon, 10 Oct 2022 15:23:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1669-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1665415438.339766,VS0,VE108
vary: Accept-Encoding
x-vcl-time-ms: 108
X-Firefox-Spdy: h2
trc.taboola.com/1307114/trc/3/json?tim=1665415438410&data=%7B%22id%22%3A98%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1665415438219%2C%22cv%22%3A%2220221006-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.barxbuddy-busyball.com%2F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback1%22%2C%22qs%22%3A%22%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dcodefunnels-network-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1665415438226%2C%22ref%22%3Anull%2C%22item-url%22%3A%22http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_%22%2C%22tos%22%3A5%2C%22ssd%22%3A1%2C%22scd%22%3A7%2C%22supv%22%3Atrue%7D%7D&pubit=i
151.101.85.44200 OK 0 B URL HTTP/2 trc.taboola.com/1307114/trc/3/json?tim=1665415438410&data=%7B%22id%22%3A98%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1665415438219%2C%22cv%22%3A%2220221006-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.barxbuddy-busyball.com%2F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback1%22%2C%22qs%22%3A%22%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dcodefunnels-network-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1665415438226%2C%22ref%22%3Anull%2C%22item-url%22%3A%22http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_%22%2C%22tos%22%3A5%2C%22ssd%22%3A1%2C%22scd%22%3A7%2C%22supv%22%3Atrue%7D%7D&pubit=i
IP 151.101.85.44:0
GET /1307114/trc/3/json?tim=1665415438410&data=%7B%22id%22%3A98%2C%22ii%22%3A%22%2F%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1665415438219%2C%22cv%22%3A%2220221006-24-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.barxbuddy-busyball.com%2F%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback1%22%2C%22qs%22%3A%22%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dcodefunnels-network-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpv%22%3Atrue%2C%22supv%22%3Atrue%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1665415438226%2C%22ref%22%3Anull%2C%22item-url%22%3A%22http%3A%2F%2Fwww.warmsoft.sa.com%2Fclicks%2FBarxBusyBall.php%3Fsid%3D996040%26h%3D-x98666hq513ynbaTBLud7tZZgPJ5UBW023DqZvl-Ww%2F6F109WKETX1bgvn5x9wlR0nwnhvysq_2s48Y17HX5zlBzuGE-cKo43vqSECgaBg7aVk4iCReNHmUiLBcLRQ0f14ah6CbXrp-fuwKMQB6z8k3zjt4DkoCrZ1cNEd3IiT_%22%2C%22tos%22%3A5%2C%22ssd%22%3A1%2C%22scd%22%3A7%2C%22supv%22%3Atrue%7D%7D&pubit=i HTTP/1.1
Host: trc.taboola.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
access-control-allow-credentials: true
content-encoding: gzip
accept-ranges: bytes
date: Mon, 10 Oct 2022 15:23:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1669-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1665415438.465037,VS0,VE119
vary: Accept-Encoding
x-vcl-time-ms: 119
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-22484186-3
142.250.74.168200 OK 0 B URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-22484186-3
IP 142.250.74.168:0
GET /gtag/js?id=UA-22484186-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.warmsoft.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 10 Oct 2022 15:23:55 GMT
expires: Mon, 10 Oct 2022 15:23:55 GMT
cache-control: private, max-age=900
last-modified: Mon, 10 Oct 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42395
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2