r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8253
Expires: Fri, 02 Dec 2022 15:52:04 GMT
Date: Fri, 02 Dec 2022 13:34:31 GMT
Connection: keep-alive
www.newarabsex.com/%D8%B3%D9%83%D8%B3-%D9%85%D9%8A%D8%B1%D9%8A%D8%A7%D9%85-%D9%81%D8%A7%D8%B1%D8%B3/
301 Moved Permanently 703 B URL HTTP/1.1 www.newarabsex.com/%D8%B3%D9%83%D8%B3-%D9%85%D9%8A%D8%B1%D9%8A%D8%A7%D9%85-%D9%81%D8%A7%D8%B1%D8%B3/
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (386)
Hash beeae0d3583bf6c394c033ac6812d43f
809a9335974f7b7dc6651f045b371ef42e4807a4
463ce326ee61159252f8a89328b99353ce4591c3cb28b426d8d707d7d249c946
GET /%D8%B3%D9%83%D8%B3-%D9%85%D9%8A%D8%B1%D9%8A%D8%A7%D9%85-%D9%81%D8%A7%D8%B1%D8%B3/ HTTP/1.1
Host: www.newarabsex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 02 Dec 2022 13:34:31 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.newarabsex.com/%d8%b3%d9%83%d8%b3-%d9%85%d9%8a%d8%b1%d9%8a%d8%a7%d9%85-%d9%81%d8%a7%d8%b1%d8%b3/
Cache-Control: max-age=31536000
CF-Cache-Status: MISS
Server-Timing: cf-q-config;dur=6.9999996412662e-06
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CgoVGxp6uRdkpSOTO%2F8pQgiwRErfXJ6KBZawRSTqNl68bkbqFPFkd1C4Ix9UXsgs0pYPMFCHOPqfNyqsH7Mc6m5w0pDldz8SqEygwzSKeOwcHF%2FzC4MJ1ZZxjbUUMHZggT86NPg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 773470c2c916b521-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
200 OK 471 B IP
Hash 7439fb99a444b66db1e68ffbfaa38451
4b7742d7956485906f1c392c478515ff89a46184
636327ce88f733e5a1d39af212f97242717a39ce20edaef330fafea238e3a309
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1357
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:34:31 GMT
Last-Modified: Fri, 02 Dec 2022 13:11:54 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6326
Expires: Fri, 02 Dec 2022 15:19:57 GMT
Date: Fri, 02 Dec 2022 13:34:31 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 13:19:56 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 875
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ANULuujFhCsUMKfDokaJCN1q4UXZUNuc6aoiQePJDXRyRPaObOSIZNxnNBWTKUm45cPMFZ+rKvU=
x-amz-request-id: NPBJSKHZ5D11RGWX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 12:46:07 GMT
age: 2904
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:34:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 13:08:57 GMT
cache-control: public,max-age=3600
age: 1534
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 7f1f8fc556d1f7e0aea3e1208ee2fd1c
09c341a56ff876479cfc8a0505a5fef4a5d110f1
65adcf58887bcc23f73379f74ab19a61cfbb93285c95c64b44a6716eeacc1482
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1349
Cache-Control: max-age=158092
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:34:31 GMT
Etag: "6389c02e-1d7"
Expires: Sun, 04 Dec 2022 09:29:23 GMT
Last-Modified: Fri, 02 Dec 2022 09:06:54 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 279 B IP
Hash ce9bb4656de0fb3edc54136d631bf5e1
95680f8722fba6e609b77df13566cf572de0183d
9a770b0fe4765e62e69c85565ccd057952fb54d078fb9ddb7732d2199f241bb6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1145
Cache-Control: max-age=149234
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:34:31 GMT
Etag: "63899e60-117"
Expires: Sun, 04 Dec 2022 07:01:45 GMT
Last-Modified: Fri, 02 Dec 2022 06:42:40 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:34:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-60175046-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-60175046-1
IP
File type ASCII text, with very long lines (1921)
Hash 3902c4fdfc6089644d3e2ff973fa4ea5
1915d9d54eff6110d72a07787a46143e698493f1
ee833ca93d6740afb11fbe9d4823f3a49b2d53b0b301bac2b316aa0a97e777d4
GET /gtag/js?id=UA-60175046-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Dec 2022 13:34:31 GMT
expires: Fri, 02 Dec 2022 13:34:31 GMT
cache-control: private, max-age=900
last-modified: Fri, 02 Dec 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43657
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:34:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ElJ3NwQ2YlOLXfjA+xxpGQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: CgtGAIkBdQFSPjTVe6SamSaM9jQ=
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 02 Dec 2022 12:46:55 GMT
expires: Fri, 02 Dec 2022 14:46:55 GMT
cache-control: public, max-age=7200
age: 2857
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.clarity.ms/tag/42eg5mfnlz
200 OK 20 kB URL HTTP/2 www.clarity.ms/tag/42eg5mfnlz
IP
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash 6fe084d043df5cb3d7f1283de4dda41f
b168911e9156c822e46339423f4135d3b8d7c42e
06f095dae502cffa56ff4cf1253a26ca299ce391f034d6ff89e98c2e39611c82
GET /tag/42eg5mfnlz HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=51d289085cb747c7bb7cf6438eb9c249.20221202.20231202; expires=Sat, 02 Dec 2023 13:34:32 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
x-cache: CONFIG_NOCACHE
x-azure-ref: 06P6JYwAAAABjxvRvg8IoSoUmOEjPbh7bQU1TMDRFREdFMTkxNgA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Fri, 02 Dec 2022 13:34:31 GMT
X-Firefox-Spdy: h2
c.bing.com/c.gif?CtsSyncId=36B32A83502D4E0193A0AEDFE08DD89E&RedC=c.clarity.ms&MXFR=1561BE94D7856FFC0AECACFAD3856131
302 Found 0 B URL HTTP/2 c.bing.com/c.gif?CtsSyncId=36B32A83502D4E0193A0AEDFE08DD89E&RedC=c.clarity.ms&MXFR=1561BE94D7856FFC0AECACFAD3856131
IP
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?CtsSyncId=36B32A83502D4E0193A0AEDFE08DD89E&RedC=c.clarity.ms&MXFR=1561BE94D7856FFC0AECACFAD3856131 HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.newarabsex.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=36B32A83502D4E0193A0AEDFE08DD89E&MUID=3EDDCC530659621B31F7DE3D07AC63DD
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=3EDDCC530659621B31F7DE3D07AC63DD; domain=c.bing.com; expires=Wed, 27-Dec-2023 13:34:33 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3353AC90F8734620A589E237B385CDDD Ref B: OSL30EDGE0113 Ref C: 2022-12-02T13:34:33Z
date: Fri, 02 Dec 2022 13:34:32 GMT
content-length: 0
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15150
Expires: Fri, 02 Dec 2022 17:47:03 GMT
Date: Fri, 02 Dec 2022 13:34:33 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15150
Expires: Fri, 02 Dec 2022 17:47:03 GMT
Date: Fri, 02 Dec 2022 13:34:33 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15150
Expires: Fri, 02 Dec 2022 17:47:03 GMT
Date: Fri, 02 Dec 2022 13:34:33 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15150
Expires: Fri, 02 Dec 2022 17:47:03 GMT
Date: Fri, 02 Dec 2022 13:34:33 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r_0F64VpyutAOJ9IcTWrs3Sv--fhKiwKsV1FW0fOMSRt1QLLPxvJzg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 10:51:17 GMT
age: 9796
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c7113338bc3310b13d23ca415c177e2
2cb4edc6b161c6d2d5b47aa498ae54e677966466
3a83adce869dd7eb064c583bf7ff93c57fabd7ea2da872f7d1f7d868b8a492e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F449f29d0-f60b-4dec-8b5b-0a1971bab406.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10270
x-amzn-requestid: ac2d2825-2ec4-435e-9921-3ea6524df1dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfG1nEvYoAMFliA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e8a-4419423112b5723e3dba46ea;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2ihxuuXiECC4oX11t_vswhnLF0UpqDuboPLkrhpWwp-vfCR5pxGGxw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:53:50 GMT
age: 56443
etag: "2cb4edc6b161c6d2d5b47aa498ae54e677966466"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
File type gzip compressed data, from Unix\012- data
Hash e95b84cf3609d4e57b619e77ce491a57
aaed354d40afe554f570d5571954bb2f5314f051
e53cd6102b4f00f8c27ec02968aabd3667a197ee80bff9f484a578a432adeb61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PIC-TIeTFK_Y2AiqowYT4_8tMuzIKO23lAwx18fYepTf4PIWkmLqkQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 05:20:15 GMT
age: 29658
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 06:00:48 GMT
age: 27225
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1c80b8025242ddfcc816ec612456b99e
aa944d10fe4a44b790b01ef62edc0f85a6d558e3
a9f060bc15738a3fe257e0c81a29e4611a89c273bcbb2765ce856d4e854a5f1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6edb00ee-3888-4974-ae1a-52ef18e62d0d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11402
x-amzn-requestid: 20c2c359-1e43-40c0-885d-1c90e76ea12b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGzJHu-IAMFbYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e7a-1d89722e767daa014b174a39;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OJBnbjJB_kvPuJcePGnno3zI0CTWAzV-Osb2L1hPZZhlNYhFHWmLsA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:51:33 GMT
age: 56580
etag: "aa944d10fe4a44b790b01ef62edc0f85a6d558e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg
200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 58a28fc1cbcacdb07b3ca175281982b5
9bc47ee49fc070d0997e49a719bd9758685ad583
d3bfcf749c4652cb29f7c82a5d7ba940bd607f9060e49c1c40a112eb3e625bd9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F40b76495-d9ea-430e-9b62-92b639b122e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6564
x-amzn-requestid: e2875cf3-3915-43a5-a724-4de2ca03de56
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGepHOiIAMFTFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-5f7e2a3f609d54a609a12670;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mwGAEu-gPXY5Opwd972VbBA6l33dNk7bPFSyZmciaplQKj2ZuTkQSg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:34:47 GMT
age: 57586
etag: "9bc47ee49fc070d0997e49a719bd9758685ad583"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
c.clarity.ms/c.gif?CtsSyncId=36B32A83502D4E0193A0AEDFE08DD89E&MUID=3EDDCC530659621B31F7DE3D07AC63DD
200 OK 42 B URL HTTP/2 c.clarity.ms/c.gif?CtsSyncId=36B32A83502D4E0193A0AEDFE08DD89E&MUID=3EDDCC530659621B31F7DE3D07AC63DD
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?CtsSyncId=36B32A83502D4E0193A0AEDFE08DD89E&MUID=3EDDCC530659621B31F7DE3D07AC63DD HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.newarabsex.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Thu, 13 Oct 2022 20:07:05 GMT
accept-ranges: bytes
etag: "40db785d3fdfd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Fri, 02-Dec-2022 13:44:33 GMT; path=/; SameSite=None; Secure;
date: Fri, 02 Dec 2022 13:34:32 GMT
content-length: 42
X-Firefox-Spdy: h2
b.clarity.ms/collect
204 No Content 0 B IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 989
Origin: https://www.newarabsex.com
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://www.newarabsex.com
access-control-allow-credentials: true
date: Fri, 02 Dec 2022 13:34:33 GMT
X-Firefox-Spdy: h2
b.clarity.ms/collect
204 No Content 2.6 kB IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type gzip compressed data, from Unix\012- data
Hash 563dbdfd15df87c65db52058dfc0a0fe
1e8caa2c41b884d3ea5d5dca57c91e59bef17789
7a4f81c8bfa9034f134fb90a697fe08b4a27120fa01fe2ea4398af70d618ba6e
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 106785
Origin: https://www.newarabsex.com
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://www.newarabsex.com
access-control-allow-credentials: true
date: Fri, 02 Dec 2022 13:34:33 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5a1dc4792827a142fd604ba04ec5bb9c
50c71c8de2f885374011bd2bd09fef4a2b02c53b
50bf85f67979745794737dfe25d48f4fa0750a57eefef76f38f564796460dab5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50BF85F67979745794737DFE25D48F4FA0750A57EEFEF76F38F564796460DAB5"
Last-Modified: Thu, 01 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12633
Expires: Fri, 02 Dec 2022 17:05:10 GMT
Date: Fri, 02 Dec 2022 13:34:37 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 278 B IP
Hash fddb374041478a3281b12ca429b38a50
bc8b3264b1d4c8db5c1beca13dd91688287b483c
911bac1b8e2ed76872c8b2d3171a3b5f61c0f1bad6eb700467625fe46b73ded6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5327
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:34:37 GMT
Last-Modified: Fri, 02 Dec 2022 12:05:50 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 278
duckswillsmoochyou.com/lv/esnk/1890076/code.js
200 OK 85 kB URL HTTP/2 duckswillsmoochyou.com/lv/esnk/1890076/code.js
IP
Hash 52cd24189f3f9430adc46d5b7444d838
ca7418590e91686663a239621e689bf76750c49e
8c4960b07297078885c5084903e8417ebaff8c432daa9d25f71ec8b000cb2c56
GET /lv/esnk/1890076/code.js HTTP/1.1
Host: duckswillsmoochyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:34:37 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-1aaa0"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
8bbc81b016.d1bcb5ca9f.com/0f2df5ef63f66cdf78011e82a367d925.js
200 OK 37 kB URL HTTP/2 8bbc81b016.d1bcb5ca9f.com/0f2df5ef63f66cdf78011e82a367d925.js
IP
ASN #39572 DataWeb Global Group B.V.
Hash be6b502864285f4875018895dbc81f68
f19c1ec876aed27141b525e770c651a0131d8419
4d48dd58cd68ff71cc88c2e3bf7f1544b0c8e436598961e8d7d3a193ff25e60a
Analyzer Verdict Alert quad9 Sinkholed
GET /0f2df5ef63f66cdf78011e82a367d925.js HTTP/1.1
Host: 8bbc81b016.d1bcb5ca9f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.newarabsex.com
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:37 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 30 Nov 2022 13:10:49 GMT
etag: W/"63875659-17718"
content-encoding: gzip
expires: Fri, 02 Dec 2022 13:39:37 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash fddb374041478a3281b12ca429b38a50
bc8b3264b1d4c8db5c1beca13dd91688287b483c
911bac1b8e2ed76872c8b2d3171a3b5f61c0f1bad6eb700467625fe46b73ded6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5327
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 13:34:37 GMT
Last-Modified: Fri, 02 Dec 2022 12:05:50 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 278
duckswillsmoochyou.com/chicken.gif?z=1891932&pb=985fa4a63ba7271b1fc7f4a44d24e81f1669995277&psp=SGP3DPoD-xg7_SPf1VnjGOcu_kzcFwEKfwzUQ2ESY5JM_wg0VWnubQN03oRIvj1hWX1pT3gDWQXwZzAsia_qkkstFTSttXYkKcXeEfmLV7NfixDagjK2Iq-Hg2vfct95F2Gu0Cv4EUM-9l9BFlAf0gEsK_4vnaBmKIaDZ-Km4TVMXcwj0g3DW6s7rXYFWuFoNTxoa8Um0K_dGL-XdLjUHrjgGD8u61aRE-_QFdyjgxwpag-V8GiIqpHukiyam_PjF6UrqJkZQO1D0LFiA4kL4aGHJv1rz4QgsnGW_mGVPJPg2NtK6IcnE1kGWWAN5q5NKW9IrkGRlUIC6709wtuevhMwuqdB6e5OfOzn4ZHccyVk6_tZYRgwllJW4lPfgDPmtj1YhCIDPcB4VRpgz92hjufwJrjYLykRtUjv3CnZ2IviYgd1Ya56sAUCl2kp7EgTuZR9lprdmjN57GPNgK89hmbgZqGOZS8Ipow2t6Nc31cT2INb5R--8yeIfqlH2tSwCZd4kHfs7akT5SsGxyK3xjwFDdhS4BzXWdzpoy3zo332PPCH0dUjPsNueQVqg1iCeyU9ztORRDk3pr57nldaPdi0BwCfi_3rhB30GfV9dk0VWjLWeGIEcBgY9LQHJuzTFAoaHy2BfBO2FV2IiOisgHHtZVwll4RQFW7cBj3BJrDCG1rTlFDl27Dk7VYII97TamNGnvEiuZnpt8UlzrW_-QWEw-NDfKP7yTOy-9Hlbq8joNr5VWDi&abvar=0&os=0
200 OK 43 B URL HTTP/2 duckswillsmoochyou.com/chicken.gif?z=1891932&pb=985fa4a63ba7271b1fc7f4a44d24e81f1669995277&psp=SGP3DPoD-xg7_SPf1VnjGOcu_kzcFwEKfwzUQ2ESY5JM_wg0VWnubQN03oRIvj1hWX1pT3gDWQXwZzAsia_qkkstFTSttXYkKcXeEfmLV7NfixDagjK2Iq-Hg2vfct95F2Gu0Cv4EUM-9l9BFlAf0gEsK_4vnaBmKIaDZ-Km4TVMXcwj0g3DW6s7rXYFWuFoNTxoa8Um0K_dGL-XdLjUHrjgGD8u61aRE-_QFdyjgxwpag-V8GiIqpHukiyam_PjF6UrqJkZQO1D0LFiA4kL4aGHJv1rz4QgsnGW_mGVPJPg2NtK6IcnE1kGWWAN5q5NKW9IrkGRlUIC6709wtuevhMwuqdB6e5OfOzn4ZHccyVk6_tZYRgwllJW4lPfgDPmtj1YhCIDPcB4VRpgz92hjufwJrjYLykRtUjv3CnZ2IviYgd1Ya56sAUCl2kp7EgTuZR9lprdmjN57GPNgK89hmbgZqGOZS8Ipow2t6Nc31cT2INb5R--8yeIfqlH2tSwCZd4kHfs7akT5SsGxyK3xjwFDdhS4BzXWdzpoy3zo332PPCH0dUjPsNueQVqg1iCeyU9ztORRDk3pr57nldaPdi0BwCfi_3rhB30GfV9dk0VWjLWeGIEcBgY9LQHJuzTFAoaHy2BfBO2FV2IiOisgHHtZVwll4RQFW7cBj3BJrDCG1rTlFDl27Dk7VYII97TamNGnvEiuZnpt8UlzrW_-QWEw-NDfKP7yTOy-9Hlbq8joNr5VWDi&abvar=0&os=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1891932&pb=985fa4a63ba7271b1fc7f4a44d24e81f1669995277&psp=SGP3DPoD-xg7_SPf1VnjGOcu_kzcFwEKfwzUQ2ESY5JM_wg0VWnubQN03oRIvj1hWX1pT3gDWQXwZzAsia_qkkstFTSttXYkKcXeEfmLV7NfixDagjK2Iq-Hg2vfct95F2Gu0Cv4EUM-9l9BFlAf0gEsK_4vnaBmKIaDZ-Km4TVMXcwj0g3DW6s7rXYFWuFoNTxoa8Um0K_dGL-XdLjUHrjgGD8u61aRE-_QFdyjgxwpag-V8GiIqpHukiyam_PjF6UrqJkZQO1D0LFiA4kL4aGHJv1rz4QgsnGW_mGVPJPg2NtK6IcnE1kGWWAN5q5NKW9IrkGRlUIC6709wtuevhMwuqdB6e5OfOzn4ZHccyVk6_tZYRgwllJW4lPfgDPmtj1YhCIDPcB4VRpgz92hjufwJrjYLykRtUjv3CnZ2IviYgd1Ya56sAUCl2kp7EgTuZR9lprdmjN57GPNgK89hmbgZqGOZS8Ipow2t6Nc31cT2INb5R--8yeIfqlH2tSwCZd4kHfs7akT5SsGxyK3xjwFDdhS4BzXWdzpoy3zo332PPCH0dUjPsNueQVqg1iCeyU9ztORRDk3pr57nldaPdi0BwCfi_3rhB30GfV9dk0VWjLWeGIEcBgY9LQHJuzTFAoaHy2BfBO2FV2IiOisgHHtZVwll4RQFW7cBj3BJrDCG1rTlFDl27Dk7VYII97TamNGnvEiuZnpt8UlzrW_-QWEw-NDfKP7yTOy-9Hlbq8joNr5VWDi&abvar=0&os=0 HTTP/1.1
Host: duckswillsmoochyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2212020834fd76295dbe584187944870b885
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:34:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACIIEwAAAAAAAAAB; Path=/; Expires=Sun, 01 Jan 2023 13:34:37 GMT; Secure; SameSite=None
OACIBLOCK=ACIIEwAAAABjiYZQ; Path=/; Expires=Sun, 01 Jan 2023 13:34:37 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Sat, 03 Dec 2022 13:34:37 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
duckswillsmoochyou.com/chicken.gif?z=1890076&pb=985fa4a63ba7271b1fc7f4a44d24e81f1669995277&psp=RJYvbXP2KDomGzFwcz2KT5az7SEN5mFwEKItOnzhY2q-XtRVfyYWmWakFl9FbcywV6f2MXWrt0fSFvq7w_9Q1xiaiIGyenV_rjifXnhbxBdHkO6VbSnSavgjMes-pcMcYmHE9AsAipJevYJtpoa8Dm-KG7m85BU3NEV7geutSPd9NbzjvEEVR8eDF4psv9ejxhbz9mc4KO9l5NPl0wMAA75ZiKiT_oksmYKZdf2p9M_RJEH3WOeZZBw5ExWVC6hHEpkUywfNs_lT-Xgj-V1Y_ODnzJeU0-NL8zRSi74TTMIG-Ge5mHH_pIy6BzbHog-YeAAeQYAPa1qXFnY1j4aMLlfszgdyXPlYjmkmYieabLTLWxB7YPlQ8pZL47VUjnR7BSKl37bH86Dvs9bnwIHdaDJgYk63mOzjj6jN65sctxItX-PUihPbjB-jsKshD6iXKQgv0-07OC4Lsqu_B74uHL8uOucF4nF1cKAEdqjMYIhN2GkMvUIsS35ooh8km2wB3zzuNmcx57fVNtymkuQQMjw7eDegVE7DXqGcjbAuCSe0SCEYhXh0FcOL9UkJ09Xnydx3J_CBW47qK3VQI6mQ8w13l7HYyXrCGT1UYwscro2TaJoaa4OjJ3axRLLhu5M47Q8zlaa-PaP30hfg0wESoR6dNbCTofhJyKEc9Dx9R_jmhPtdzXI96EOZjm5Mpq3CMWLL2_4zRe7hM9YNdJdBAtwueSObVHyUgfVv1l_euTN86rNuXWF3&abvar=0&os=0
200 OK 43 B URL HTTP/2 duckswillsmoochyou.com/chicken.gif?z=1890076&pb=985fa4a63ba7271b1fc7f4a44d24e81f1669995277&psp=RJYvbXP2KDomGzFwcz2KT5az7SEN5mFwEKItOnzhY2q-XtRVfyYWmWakFl9FbcywV6f2MXWrt0fSFvq7w_9Q1xiaiIGyenV_rjifXnhbxBdHkO6VbSnSavgjMes-pcMcYmHE9AsAipJevYJtpoa8Dm-KG7m85BU3NEV7geutSPd9NbzjvEEVR8eDF4psv9ejxhbz9mc4KO9l5NPl0wMAA75ZiKiT_oksmYKZdf2p9M_RJEH3WOeZZBw5ExWVC6hHEpkUywfNs_lT-Xgj-V1Y_ODnzJeU0-NL8zRSi74TTMIG-Ge5mHH_pIy6BzbHog-YeAAeQYAPa1qXFnY1j4aMLlfszgdyXPlYjmkmYieabLTLWxB7YPlQ8pZL47VUjnR7BSKl37bH86Dvs9bnwIHdaDJgYk63mOzjj6jN65sctxItX-PUihPbjB-jsKshD6iXKQgv0-07OC4Lsqu_B74uHL8uOucF4nF1cKAEdqjMYIhN2GkMvUIsS35ooh8km2wB3zzuNmcx57fVNtymkuQQMjw7eDegVE7DXqGcjbAuCSe0SCEYhXh0FcOL9UkJ09Xnydx3J_CBW47qK3VQI6mQ8w13l7HYyXrCGT1UYwscro2TaJoaa4OjJ3axRLLhu5M47Q8zlaa-PaP30hfg0wESoR6dNbCTofhJyKEc9Dx9R_jmhPtdzXI96EOZjm5Mpq3CMWLL2_4zRe7hM9YNdJdBAtwueSObVHyUgfVv1l_euTN86rNuXWF3&abvar=0&os=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1890076&pb=985fa4a63ba7271b1fc7f4a44d24e81f1669995277&psp=RJYvbXP2KDomGzFwcz2KT5az7SEN5mFwEKItOnzhY2q-XtRVfyYWmWakFl9FbcywV6f2MXWrt0fSFvq7w_9Q1xiaiIGyenV_rjifXnhbxBdHkO6VbSnSavgjMes-pcMcYmHE9AsAipJevYJtpoa8Dm-KG7m85BU3NEV7geutSPd9NbzjvEEVR8eDF4psv9ejxhbz9mc4KO9l5NPl0wMAA75ZiKiT_oksmYKZdf2p9M_RJEH3WOeZZBw5ExWVC6hHEpkUywfNs_lT-Xgj-V1Y_ODnzJeU0-NL8zRSi74TTMIG-Ge5mHH_pIy6BzbHog-YeAAeQYAPa1qXFnY1j4aMLlfszgdyXPlYjmkmYieabLTLWxB7YPlQ8pZL47VUjnR7BSKl37bH86Dvs9bnwIHdaDJgYk63mOzjj6jN65sctxItX-PUihPbjB-jsKshD6iXKQgv0-07OC4Lsqu_B74uHL8uOucF4nF1cKAEdqjMYIhN2GkMvUIsS35ooh8km2wB3zzuNmcx57fVNtymkuQQMjw7eDegVE7DXqGcjbAuCSe0SCEYhXh0FcOL9UkJ09Xnydx3J_CBW47qK3VQI6mQ8w13l7HYyXrCGT1UYwscro2TaJoaa4OjJ3axRLLhu5M47Q8zlaa-PaP30hfg0wESoR6dNbCTofhJyKEc9Dx9R_jmhPtdzXI96EOZjm5Mpq3CMWLL2_4zRe7hM9YNdJdBAtwueSObVHyUgfVv1l_euTN86rNuXWF3&abvar=0&os=0 HTTP/1.1
Host: duckswillsmoochyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2212020834fd76295dbe584187944870b885
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:34:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACIIEwAAAAAAAAAB; Path=/; Expires=Sun, 01 Jan 2023 13:34:37 GMT; Secure; SameSite=None
OACIBLOCK=ACIIEwAAAABjiYZQ; Path=/; Expires=Sun, 01 Jan 2023 13:34:37 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Sat, 03 Dec 2022 13:34:37 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d8516c7c4119452635ad1f6157cf7543
324886bc68c344a121d485d93962d7cdd0430a46
3c43bd29eec037fdf1186e45a4f28d9a21a3d46772edadc355999da2b89d508c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C43BD29EEC037FDF1186E45A4F28D9A21A3D46772EDADC355999DA2B89D508C"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2913
Expires: Fri, 02 Dec 2022 14:23:10 GMT
Date: Fri, 02 Dec 2022 13:34:37 GMT
Connection: keep-alive
js.wpadmngr.com/npc/sdk/wp-banners.js
200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Fri, 02 Dec 2022 13:39:37 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ta3nfsordd.com/solid.gif?z=1888413&abvar=0
200 OK 43 B URL HTTP/2 ta3nfsordd.com/solid.gif?z=1888413&abvar=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
POST /solid.gif?z=1888413&abvar=0 HTTP/1.1
Host: ta3nfsordd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.newarabsex.com
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:34:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c22378ca01fffc12414fba63f4da0578
52a273758ba711ade35c63c1ba327de6071acf95
5d14421d11531386a1637eae7a17d411f038de640ed57e901257c21a5a7eea99
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D14421D11531386A1637EAE7A17D411F038DE640ED57E901257C21A5A7EEA99"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3771
Expires: Fri, 02 Dec 2022 14:37:28 GMT
Date: Fri, 02 Dec 2022 13:34:37 GMT
Connection: keep-alive
ta3nfsordd.com/solid.gif?z=1888413&abvar=0
200 OK 43 B URL HTTP/2 ta3nfsordd.com/solid.gif?z=1888413&abvar=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
POST /solid.gif?z=1888413&abvar=0 HTTP/1.1
Host: ta3nfsordd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.newarabsex.com
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:34:37 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=2414
204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=2414
IP
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=2414 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.newarabsex.com/
Origin: https://www.newarabsex.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 13:34:37 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://www.newarabsex.com
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
notification.tubecup.net/tags?tag_id=2414&timezone_olson=UTC&version_name=b
200 OK 2.0 kB URL HTTP/2 notification.tubecup.net/tags?tag_id=2414&timezone_olson=UTC&version_name=b
IP
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with very long lines (2005), with no line terminators
Hash 6cfec180c6c20b78148dcafee676f982
bfa512edf736baa8d592644628228df2b3a5a540
7229f23ecc41acdfd8a23de4cde6e65370f080cec625596e123a35efd0824b01
GET /tags?tag_id=2414&timezone_olson=UTC&version_name=b HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.newarabsex.com
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 02 Dec 2022 13:34:37 GMT
content-type: application/json
content-length: 2005
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
pl15905623.profitablegatetocontent.com/91/7e/be/917ebec7789aea44fb9088eca9d68453.js
200 OK 13 kB URL HTTP/1.1 pl15905623.profitablegatetocontent.com/91/7e/be/917ebec7789aea44fb9088eca9d68453.js
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37169), with no line terminators
Hash d453b1717f6463cb26279ab59fbb1c37
a96d4937ae142e6e2e270590be72ec2667e3d2d6
267adbde453cded59c8f4650086d3b4c5c7d3b5b5d8b6663bdd355876d9e6ccd
Analyzer Verdict Alert quad9 Sinkholed
GET /91/7e/be/917ebec7789aea44fb9088eca9d68453.js HTTP/1.1
Host: pl15905623.profitablegatetocontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 13:34:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 16165ca7146067467ed696c6be8aa6fc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c529cd84dc63f4ca26ded9a533e7c064
f0a025f6d94ddaa02291f6de91f2872e25424844
99dbae7f20e6601d18237edb9eb7501befc29eb62050624dc56802a182948abe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "99DBAE7F20E6601D18237EDB9EB7501BEFC29EB62050624DC56802A182948ABE"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12295
Expires: Fri, 02 Dec 2022 16:59:32 GMT
Date: Fri, 02 Dec 2022 13:34:37 GMT
Connection: keep-alive
8bbc81b016.d1bcb5ca9f.com/ca5300ef81b6c4fe783112a0f5eb5faa.js
200 OK 15 kB URL HTTP/2 8bbc81b016.d1bcb5ca9f.com/ca5300ef81b6c4fe783112a0f5eb5faa.js
IP
ASN #39572 DataWeb Global Group B.V.
Hash 74944ac29066269ee81a9d25083386f4
e05dd614e61dfb2d002103e00122b79b9c82ed30
1c9d3692b23843c7c35c3a7cf31739e18b58547e90ebb7a06541640bb8a870a9
Analyzer Verdict Alert quad9 Sinkholed
GET /ca5300ef81b6c4fe783112a0f5eb5faa.js HTTP/1.1
Host: 8bbc81b016.d1bcb5ca9f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:37 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 17 Oct 2022 14:33:56 GMT
etag: W/"634d67d4-b2f5"
content-encoding: gzip
expires: Fri, 02 Dec 2022 13:39:37 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=2414
200 OK 28 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=2414
IP
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash e3af49472d683a217237a6ebaf79bcb7
378db4d7e6171a2676ee15c80b4475d7f5ec9742
7714898d715fb8b1ce7a1de73e0e7c9f6394acc8a08cf1a3b342a7829d4de84a
POST /fp?tag_id=2414 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22287
Origin: https://www.newarabsex.com
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 02 Dec 2022 13:34:37 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.newarabsex.com
Set-Cookie: id=12069179490549916940; Expires=Sat, 02 Dec 2023 13:34:37 GMT; Secure; SameSite=None
Vary: Origin
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 22697cff4db5ea5a4c791ce4358a971f
fa4d1ffe6a7354f75e8607231f57a5728e87dfb3
61575c6d3a055a65d09622357da8cdf97d57b96ed8d1d4a7360bd8432931d638
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "61575C6D3A055A65D09622357DA8CDF97D57B96ED8D1D4A7360BD8432931D638"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3818
Expires: Fri, 02 Dec 2022 14:38:16 GMT
Date: Fri, 02 Dec 2022 13:34:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aa434368e2f4378127ff86ea9fba2b1b
28dcc7871640b1103d49965a6df7e8d34ff77e9f
9219b3f3bade5b969822bded87e808423b152210cea6cb3da9bcb84daba1ce46
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9219B3F3BADE5B969822BDED87E808423B152210CEA6CB3DA9BCB84DABA1CE46"
Last-Modified: Thu, 01 Dec 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13361
Expires: Fri, 02 Dec 2022 17:17:19 GMT
Date: Fri, 02 Dec 2022 13:34:38 GMT
Connection: keep-alive
bc5b242f88.86521e18d4.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI3Njc1MjY4NDgxODgxNzExMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTcuMyIsInRhZ19pZCI6MjQxNCwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjUsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6bnVsbCwidXNlcl9rZXl3b3JkcyI6IiVEOCVCMyVEOSU4MyVEOCVCMyUyQyVEOSU4NSVEOSU4QSVEOCVCMSVEOSU4QSVEOCVBNyVEOSU4NSUyQyVEOSU4MSVEOCVBNyVEOCVCMSVEOCVCMyUyQyVEOSU4MSVEOSU4QSVEOSU4NCVEOSU4NSUyQyVEOSU4OCUyQyVEOCVCNSVEOSU4OCVEOCVCMSUyQyVEOSU4MyVEOCVCMyUyQyVEOCVCNyVEOSU4QSVEOCVCMiUyQyVEOCVBOCVEOCVCMiVEOCVBNyVEOCVCMiUyQyVEOCVBNyVEOSU4NCVEOSU4NSVEOCVCQSVEOSU4NiVEOSU4QSVEOCVBOSUyQyVEOCVBNyVEOSU4NCVEOCVCMyVEOCVBNyVEOCVBRSVEOSU4NiVEOCVBOSUyQyVEOCVCMyVEOSU4MyVEOCVCMyUyQyVEOSU4NSVEOSU4QSVEOCVCMSVEOSU4QSVEOCVBNyVEOSU4NSUyQyVEOSU4MSVEOCVBNyVEOCVCMSVEOCVCMyUyQyVEOSU4MSVEOSU4QSVEOSU4NCVEOSU4NSUyQyVEOSU4NSVEOCVBQiVEOSU4QSVEOCVCMSUyQyVEOCVBQyVEOCVBRiVEOCVBNyVEOSU4QiUyQyVEOSU4OCUyQyVEOCVCNSVEOSU4OCVEOCVCMSUyQyVEOCVCMyVEOSU4MyVEOCVCMyUyQyVEOCVBOCVEOCVCMiVEOCVBNyVEOCVCMiUyQyVEOSU4MyVEOCVCMyUyQyVEOCVCNyVEOSU4QSVEOCVCMiUyQyVEOSU4NiVEOSU4QSVEOSU4MyUyQyVEOCVBNyVEOSU4NCVEOSU4NiVEOCVBQyVEOSU4NSVEOCVBOSUyQyVEOCVBNyVEOSU4NCVEOCVBQyVEOSU4NSVEOSU4QSVEOSU4NCVEOCVBOSUyQyVEOSU4OCVEOSU4NyVEOSU4QSUyQyVEOSU4MSVEOCVBNyVEOCVBQSVEOSU4NiVEOCVBOSUyQyVEOCVBNyVEOSU4NCVEOSU4MSVEOSU4NiUyQyVEOCVBNyVEOSU4NCVEOSU4NCVEOCVBOCVEOSU4NiVEOCVBNyVEOSU4NiVEOSU4QSUyQyVEOSU4MSVEOSU4QSUyQyVEOCVBMiVEOCVBRSVEOCVCMSUyQzE1JTJDJUQ4JUI5JUQ4JUE3JUQ5JTg1JTJDJUQ4JUFBJUQ5JTg1JUQ4JUFBJUQ4JUE3JUQ4JUIyJTJDJUQ4JUE4JUQ4JUIzJUQ4JUFBJUQ4JUE3JUQ5JThBJUQ5JTg0JTJDJUQ4JUIxJUQ4JUE3JUQ5JTgyJUQ5JThBJTJDJUQ5JTg1JUQ4JUFCJUQ5JThBJUQ4JUIxJTJDJUQ5JTg4JUQ5JTgyJUQ4JUFGJUQ4JUIxJUQ4JUE5JTJDJUQ5JTgzJUQ4JUE4JUQ5JThBJUQ4JUIxJUQ4JUE5JTJDJUQ4JUI5JUQ5JTg0JUQ5JTg5JTIwIn0=
200 OK 0 B URL HTTP/2 bc5b242f88.86521e18d4.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI3Njc1MjY4NDgxODgxNzExMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTcuMyIsInRhZ19pZCI6MjQxNCwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjUsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6bnVsbCwidXNlcl9rZXl3b3JkcyI6IiVEOCVCMyVEOSU4MyVEOCVCMyUyQyVEOSU4NSVEOSU4QSVEOCVCMSVEOSU4QSVEOCVBNyVEOSU4NSUyQyVEOSU4MSVEOCVBNyVEOCVCMSVEOCVCMyUyQyVEOSU4MSVEOSU4QSVEOSU4NCVEOSU4NSUyQyVEOSU4OCUyQyVEOCVCNSVEOSU4OCVEOCVCMSUyQyVEOSU4MyVEOCVCMyUyQyVEOCVCNyVEOSU4QSVEOCVCMiUyQyVEOCVBOCVEOCVCMiVEOCVBNyVEOCVCMiUyQyVEOCVBNyVEOSU4NCVEOSU4NSVEOCVCQSVEOSU4NiVEOSU4QSVEOCVBOSUyQyVEOCVBNyVEOSU4NCVEOCVCMyVEOCVBNyVEOCVBRSVEOSU4NiVEOCVBOSUyQyVEOCVCMyVEOSU4MyVEOCVCMyUyQyVEOSU4NSVEOSU4QSVEOCVCMSVEOSU4QSVEOCVBNyVEOSU4NSUyQyVEOSU4MSVEOCVBNyVEOCVCMSVEOCVCMyUyQyVEOSU4MSVEOSU4QSVEOSU4NCVEOSU4NSUyQyVEOSU4NSVEOCVBQiVEOSU4QSVEOCVCMSUyQyVEOCVBQyVEOCVBRiVEOCVBNyVEOSU4QiUyQyVEOSU4OCUyQyVEOCVCNSVEOSU4OCVEOCVCMSUyQyVEOCVCMyVEOSU4MyVEOCVCMyUyQyVEOCVBOCVEOCVCMiVEOCVBNyVEOCVCMiUyQyVEOSU4MyVEOCVCMyUyQyVEOCVCNyVEOSU4QSVEOCVCMiUyQyVEOSU4NiVEOSU4QSVEOSU4MyUyQyVEOCVBNyVEOSU4NCVEOSU4NiVEOCVBQyVEOSU4NSVEOCVBOSUyQyVEOCVBNyVEOSU4NCVEOCVBQyVEOSU4NSVEOSU4QSVEOSU4NCVEOCVBOSUyQyVEOSU4OCVEOSU4NyVEOSU4QSUyQyVEOSU4MSVEOCVBNyVEOCVBQSVEOSU4NiVEOCVBOSUyQyVEOCVBNyVEOSU4NCVEOSU4MSVEOSU4NiUyQyVEOCVBNyVEOSU4NCVEOSU4NCVEOCVBOCVEOSU4NiVEOCVBNyVEOSU4NiVEOSU4QSUyQyVEOSU4MSVEOSU4QSUyQyVEOCVBMiVEOCVBRSVEOCVCMSUyQzE1JTJDJUQ4JUI5JUQ4JUE3JUQ5JTg1JTJDJUQ4JUFBJUQ5JTg1JUQ4JUFBJUQ4JUE3JUQ4JUIyJTJDJUQ4JUE4JUQ4JUIzJUQ4JUFBJUQ4JUE3JUQ5JThBJUQ5JTg0JTJDJUQ4JUIxJUQ4JUE3JUQ5JTgyJUQ5JThBJTJDJUQ5JTg1JUQ4JUFCJUQ5JThBJUQ4JUIxJTJDJUQ5JTg4JUQ5JTgyJUQ4JUFGJUQ4JUIxJUQ4JUE5JTJDJUQ5JTgzJUQ4JUE4JUQ5JThBJUQ4JUIxJUQ4JUE5JTJDJUQ4JUI5JUQ5JTg0JUQ5JTg5JTIwIn0=
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI3Njc1MjY4NDgxODgxNzExMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTcuMyIsInRhZ19pZCI6MjQxNCwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjUsImlzX3YyIjoxLCJpc192Ml9lbXB0eSI6bnVsbCwidXNlcl9rZXl3b3JkcyI6IiVEOCVCMyVEOSU4MyVEOCVCMyUyQyVEOSU4NSVEOSU4QSVEOCVCMSVEOSU4QSVEOCVBNyVEOSU4NSUyQyVEOSU4MSVEOCVBNyVEOCVCMSVEOCVCMyUyQyVEOSU4MSVEOSU4QSVEOSU4NCVEOSU4NSUyQyVEOSU4OCUyQyVEOCVCNSVEOSU4OCVEOCVCMSUyQyVEOSU4MyVEOCVCMyUyQyVEOCVCNyVEOSU4QSVEOCVCMiUyQyVEOCVBOCVEOCVCMiVEOCVBNyVEOCVCMiUyQyVEOCVBNyVEOSU4NCVEOSU4NSVEOCVCQSVEOSU4NiVEOSU4QSVEOCVBOSUyQyVEOCVBNyVEOSU4NCVEOCVCMyVEOCVBNyVEOCVBRSVEOSU4NiVEOCVBOSUyQyVEOCVCMyVEOSU4MyVEOCVCMyUyQyVEOSU4NSVEOSU4QSVEOCVCMSVEOSU4QSVEOCVBNyVEOSU4NSUyQyVEOSU4MSVEOCVBNyVEOCVCMSVEOCVCMyUyQyVEOSU4MSVEOSU4QSVEOSU4NCVEOSU4NSUyQyVEOSU4NSVEOCVBQiVEOSU4QSVEOCVCMSUyQyVEOCVBQyVEOCVBRiVEOCVBNyVEOSU4QiUyQyVEOSU4OCUyQyVEOCVCNSVEOSU4OCVEOCVCMSUyQyVEOCVCMyVEOSU4MyVEOCVCMyUyQyVEOCVBOCVEOCVCMiVEOCVBNyVEOCVCMiUyQyVEOSU4MyVEOCVCMyUyQyVEOCVCNyVEOSU4QSVEOCVCMiUyQyVEOSU4NiVEOSU4QSVEOSU4MyUyQyVEOCVBNyVEOSU4NCVEOSU4NiVEOCVBQyVEOSU4NSVEOCVBOSUyQyVEOCVBNyVEOSU4NCVEOCVBQyVEOSU4NSVEOSU4QSVEOSU4NCVEOCVBOSUyQyVEOSU4OCVEOSU4NyVEOSU4QSUyQyVEOSU4MSVEOCVBNyVEOCVBQSVEOSU4NiVEOCVBOSUyQyVEOCVBNyVEOSU4NCVEOSU4MSVEOSU4NiUyQyVEOCVBNyVEOSU4NCVEOSU4NCVEOCVBOCVEOSU4NiVEOCVBNyVEOSU4NiVEOSU4QSUyQyVEOSU4MSVEOSU4QSUyQyVEOCVBMiVEOCVBRSVEOCVCMSUyQzE1JTJDJUQ4JUI5JUQ4JUE3JUQ5JTg1JTJDJUQ4JUFBJUQ5JTg1JUQ4JUFBJUQ4JUE3JUQ4JUIyJTJDJUQ4JUE4JUQ4JUIzJUQ4JUFBJUQ4JUE3JUQ5JThBJUQ5JTg0JTJDJUQ4JUIxJUQ4JUE3JUQ5JTgyJUQ5JThBJTJDJUQ5JTg1JUQ4JUFCJUQ5JThBJUQ4JUIxJTJDJUQ5JTg4JUQ5JTgyJUQ4JUFGJUQ4JUIxJUQ4JUE5JTJDJUQ5JTgzJUQ4JUE4JUQ5JThBJUQ4JUIxJUQ4JUE5JTJDJUQ4JUI5JUQ5JTg0JUQ5JTg5JTIwIn0= HTTP/1.1
Host: bc5b242f88.86521e18d4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.newarabsex.com
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:38 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
js.cabnnr.com/banner-admanager/build.m.js
200 OK 18 kB URL HTTP/2 js.cabnnr.com/banner-admanager/build.m.js
IP
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (53345), with no line terminators
Hash fa88d73a02f4ee61367f5a69069c3ee9
ac5f6d05c77f12670c56e72c8a80704e180c7ff8
303359910dcaf5162adf1859889549d4a4c7ea6b4a8753fb49c92cecbdc54c42
GET /banner-admanager/build.m.js HTTP/1.1
Host: js.cabnnr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:37 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 30 Nov 2022 14:18:35 GMT
etag: W/"6387663b-d063"
content-encoding: gzip
expires: Fri, 02 Dec 2022 13:39:37 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash f60f02a95664f3be8fd0b4e614010c6a
bb83d56ac8ae98bff5e9954dffc7f2035b47f63f
eddc54420a811685bfd0c2c14dd13340c9380b529bf1bb8c0426baa0375a67f2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=87269
Date: Fri, 02 Dec 2022 13:34:38 GMT
Etag: "6388ac95-1d7"
Expires: Sat, 03 Dec 2022 13:49:07 GMT
Last-Modified: Thu, 01 Dec 2022 13:31:01 GMT
Server: ECS (bsa/EB21)
X-Cache: Miss from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8I2XVviIM2zrwoIBYRhu0GZjPQqf_aFYpYp6_EjpZW4-elHLFCq6QQ==
Age: 1086
ta3nfsordd.com/get/1888413?zoneid=1888413&jp=_cl3mdg1zlozl3w1ua2sanl&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=8835168616520425
200 OK 97 B URL HTTP/2 ta3nfsordd.com/get/1888413?zoneid=1888413&jp=_cl3mdg1zlozl3w1ua2sanl&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=8835168616520425
IP
Hash 468bc6d326a32196ea369ddf8fe4a754
ce07531b46727349a39f3f60a9f2902292569637
fd02b7770fcee96ce61b840292d074462a93d098f32eac6013b394383dd6e89a
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1888413?zoneid=1888413&jp=_cl3mdg1zlozl3w1ua2sanl&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=8835168616520425 HTTP/1.1
Host: ta3nfsordd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:34:37 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2212020834700b220a7eaa4bd28dd92e1b1f; Path=/; Expires=Sat, 02 Dec 2023 13:34:37 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 22697cff4db5ea5a4c791ce4358a971f
fa4d1ffe6a7354f75e8607231f57a5728e87dfb3
61575c6d3a055a65d09622357da8cdf97d57b96ed8d1d4a7360bd8432931d638
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "61575C6D3A055A65D09622357DA8CDF97D57B96ED8D1D4A7360BD8432931D638"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3818
Expires: Fri, 02 Dec 2022 14:38:16 GMT
Date: Fri, 02 Dec 2022 13:34:38 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 100046b401119c053c73bd994eb1cd18
59e20cb6c6d575d0d914c963a2c7fac6f1ad894f
44300218d31bb05684ba4992d9ec504b69a8530079f02f4c40d00eeca8a8556f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "44300218D31BB05684BA4992D9EC504B69A8530079F02F4C40D00EECA8A8556F"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5494
Expires: Fri, 02 Dec 2022 15:06:12 GMT
Date: Fri, 02 Dec 2022 13:34:38 GMT
Connection: keep-alive
sw.wpush.org/ps/sw.js
200 OK 1.8 kB IP
ASN #39572 DataWeb Global Group B.V.
Hash ee84aae4ede59e0bae6da51884c5bd2c
a3722313bbfee8aab5a3411eadd53ac68860a637
095ae5123ad792e812a6e6124ea17870a65c49a7fdc5effca1bf0d546e940321
GET /ps/sw.js HTTP/1.1
Host: sw.wpush.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:38 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 25 Nov 2022 14:22:37 GMT
etag: W/"6380cfad-158c"
content-encoding: gzip
expires: Fri, 02 Dec 2022 13:39:38 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 976ec0477aa30cbf00f53b05c49663ff
0d333f4aab7f1286c2e68480ba986915f0188b8d
e6eb3a90890b38211a9cfad8c78fd23978e2f855829c4e0cde29feccf1d8950a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E6EB3A90890B38211A9CFAD8C78FD23978E2F855829C4E0CDE29FECCF1D8950A"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12349
Expires: Fri, 02 Dec 2022 17:00:27 GMT
Date: Fri, 02 Dec 2022 13:34:38 GMT
Connection: keep-alive
tallysaturatesnare.com/sbar.json?key=917ebec7789aea44fb9088eca9d68453&uuid=3d418ed7-4eab-4c55-b316-19aa4148e7dc%3A3%3A1
200 OK 4.2 kB URL HTTP/1.1 tallysaturatesnare.com/sbar.json?key=917ebec7789aea44fb9088eca9d68453&uuid=3d418ed7-4eab-4c55-b316-19aa4148e7dc%3A3%3A1
IP
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (6031), with no line terminators
Hash bb34cc4de75024e9b5bc1431178a4092
ded6296f87337c432845039d9c75a01a8b75c968
9285159d607215fd766fe66a851dd8f7744c64b843e5fb9001ee5b6dea559bb6
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=917ebec7789aea44fb9088eca9d68453&uuid=3d418ed7-4eab-4c55-b316-19aa4148e7dc%3A3%3A1 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.newarabsex.com
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 13:34:39 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.newarabsex.com
Access-Control-Allow-Origin: https://www.newarabsex.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15805124; expires=Sat, 03 Dec 2022 13:34:38 GMT; secure; SameSite=None
uid_id2=3d418ed7-4eab-4c55-b316-19aa4148e7dc:3:1; expires=Fri, 09 Dec 2022 13:34:38 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 03 Dec 2022 13:34:39 GMT; secure; SameSite=None
uncs=1; expires=Sat, 03 Dec 2022 13:34:39 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 03 Dec 2022 13:34:39 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 03 Dec 2022 13:34:39 GMT; secure; SameSite=None
slec917ebec7789aea44fb9088eca9d68453=[3789938]; expires=Fri, 02 Dec 2022 13:34:44 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d4700eb9650b4fc2edd4b58b176af641
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTlYQvWjw4iEyBxEVd7Z7pntn2hyWxBgJrklIIrmmfvVuudVdTVX39OyeQgIxuW1uHnvfbLKoIZg%2FQBJmc9EBIaMgi7i3HDyZIOQoMrMDi9%2Bhvq%2FqvcN776ubW%2BU%2B8VHSvQtfmA2lNV2Imn7j%2FSsqE6ZyjXOXG4Hf9E80rqhsMTzR6E8O2%2Fs48KOm%2F0HjM8nXzELLD3w%2F8IPGGWVlYvoLUxQqvx8Hzdhvhq1mEIXo2%2F%2FfXenBUQ%2Bit0%2BOQYnxK6s%2FPYTiQ2TpD6elWytM%2FtGnaalpYSx6YufLbC0zVYb0cEyshyTbmbFh3JiQb47AZDszBzC97YkDMDUm3u8BWLYzkwnWu3uglGnIDEy8jqo3hNRDKDoENzegxFMCcIFz55Gl984ZW9H1A5RO0DGZe%2FkPVDUmc3%2B%2BhSx9cEqrfuOS0WWhTObQT2qo%2FhBqZYi83EWx4UFVu%2BDFdSjxC1l4uYws3T7vtIESe%2B%2B2RRh0pejMh5Ky%2BZBH0TxrB4vzQUxpGIRd2RF8GpFSQ6hkCC03Qd1RlM5DqTyUiYcy95CKvQaN4sT3OwlL2u1uyDlvtzmPuosiEu2wm%2Fgo%2BcTDJop8E1xvgttryO01rKk7T6NjsOVjuNUaTnhwBUFP1KgkQeUIKkpQKYKqIKh69V2hXcvV94R2JQtmvTXr7XpgipUtetcUKzIjW%2Fk%2BeXOa3YsPn2BN7jXioCOZ5J1ON6aShmHCYr%2FblZzGYrEbRm04VUO5I6DOw8ZkkZf3kU%2F68etgdBdO74KrN0DL46DVoNPyQVcHYdfHRvYgkxW1lDnZb3KTQpgaeTGHYt3b0vvk7amS%2BDcLyUdLL7Z%2BfnzjmAG3NXJb4yv1hGBF3xpcNBXZvmgqRx6ezwuVqg062fClghZy7rvP5XplrDh72m1%2Be5JPgMl4%2F7J0xTLNhMpWHPn%2BlBJC2jPGckl%2BPOuuSHahdKunSpuV%2BfKFT86cTXMrnVMmG4Kqp1cfgasxeS29Of277%2FxxE8oOYcsaaTkis4Iyu%2BD5Nbh8tPT8%2FqvBe3%2BtwxkCqw85LPdQlfXAttjho1ZjEn79DFqOlh4%2Fu3rydmcZlNVw8jAGJkePnh%2Fwt9wtrFgPtLiBLK3RszV6ugbVm3Dl0UGR29HSr%2B1pgWlvwLT1tpm2%2Bs5BvE7tNWSU%2BIn0W5IlMUs61BdxEsaMxoHssIgGKNyY3%2F737%2F8AAAD%2F%2FwEAAP%2F%2FKFsnFpcEAAA%3D
200 OK 7 B URL HTTP/1.1 tallysaturatesnare.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTlYQvWjw4iEyBxEVd7Z7pntn2hyWxBgJrklIIrmmfvVuudVdTVX39OyeQgIxuW1uHnvfbLKoIZg%2FQBJmc9EBIaMgi7i3HDyZIOQoMrMDi9%2Bhvq%2FqvcN776ubW%2BU%2B8VHSvQtfmA2lNV2Imn7j%2FSsqE6ZyjXOXG4Hf9E80rqhsMTzR6E8O2%2Fs48KOm%2F0HjM8nXzELLD3w%2F8IPGGWVlYvoLUxQqvx8Hzdhvhq1mEIXo2%2F%2FfXenBUQ%2Bit0%2BOQYnxK6s%2FPYTiQ2TpD6elWytM%2FtGnaalpYSx6YufLbC0zVYb0cEyshyTbmbFh3JiQb47AZDszBzC97YkDMDUm3u8BWLYzkwnWu3uglGnIDEy8jqo3hNRDKDoENzegxFMCcIFz55Gl984ZW9H1A5RO0DGZe%2FkPVDUmc3%2B%2BhSx9cEqrfuOS0WWhTObQT2qo%2FhBqZYi83EWx4UFVu%2BDFdSjxC1l4uYws3T7vtIESe%2B%2B2RRh0pejMh5Ky%2BZBH0TxrB4vzQUxpGIRd2RF8GpFSQ6hkCC03Qd1RlM5DqTyUiYcy95CKvQaN4sT3OwlL2u1uyDlvtzmPuosiEu2wm%2Fgo%2BcTDJop8E1xvgttryO01rKk7T6NjsOVjuNUaTnhwBUFP1KgkQeUIKkpQKYKqIKh69V2hXcvV94R2JQtmvTXr7XpgipUtetcUKzIjW%2Fk%2BeXOa3YsPn2BN7jXioCOZ5J1ON6aShmHCYr%2FblZzGYrEbRm04VUO5I6DOw8ZkkZf3kU%2F68etgdBdO74KrN0DL46DVoNPyQVcHYdfHRvYgkxW1lDnZb3KTQpgaeTGHYt3b0vvk7amS%2BDcLyUdLL7Z%2BfnzjmAG3NXJb4yv1hGBF3xpcNBXZvmgqRx6ezwuVqg062fClghZy7rvP5XplrDh72m1%2Be5JPgMl4%2F7J0xTLNhMpWHPn%2BlBJC2jPGckl%2BPOuuSHahdKunSpuV%2BfKFT86cTXMrnVMmG4Kqp1cfgasxeS29Of277%2FxxE8oOYcsaaTkis4Iyu%2BD5Nbh8tPT8%2FqvBe3%2BtwxkCqw85LPdQlfXAttjho1ZjEn79DFqOlh4%2Fu3rydmcZlNVw8jAGJkePnh%2Fwt9wtrFgPtLiBLK3RszV6ugbVm3Dl0UGR29HSr%2B1pgWlvwLT1tpm2%2Bs5BvE7tNWSU%2BIn0W5IlMUs61BdxEsaMxoHssIgGKNyY3%2F737%2F8AAAD%2F%2FwEAAP%2F%2FKFsnFpcEAAA%3D
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRitTlYQvWjw4iEyBxEVd7Z7pntn2hyWxBgJrklIIrmmfvVuudVdTVX39OyeQgIxuW1uHnvfbLKoIZg%2FQBJmc9EBIaMgi7i3HDyZIOQoMrMDi9%2Bhvq%2FqvcN776ubW%2BU%2B8VHSvQtfmA2lNV2Imn7j%2FSsqE6ZyjXOXG4Hf9E80rqhsMTzR6E8O2%2Fs48KOm%2F0HjM8nXzELLD3w%2F8IPGGWVlYvoLUxQqvx8Hzdhvhq1mEIXo2%2F%2FfXenBUQ%2Bit0%2BOQYnxK6s%2FPYTiQ2TpD6elWytM%2FtGnaalpYSx6YufLbC0zVYb0cEyshyTbmbFh3JiQb47AZDszBzC97YkDMDUm3u8BWLYzkwnWu3uglGnIDEy8jqo3hNRDKDoENzegxFMCcIFz55Gl984ZW9H1A5RO0DGZe%2FkPVDUmc3%2B%2BhSx9cEqrfuOS0WWhTObQT2qo%2FhBqZYi83EWx4UFVu%2BDFdSjxC1l4uYws3T7vtIESe%2B%2B2RRh0pejMh5Ky%2BZBH0TxrB4vzQUxpGIRd2RF8GpFSQ6hkCC03Qd1RlM5DqTyUiYcy95CKvQaN4sT3OwlL2u1uyDlvtzmPuosiEu2wm%2Fgo%2BcTDJop8E1xvgttryO01rKk7T6NjsOVjuNUaTnhwBUFP1KgkQeUIKkpQKYKqIKh69V2hXcvV94R2JQtmvTXr7XpgipUtetcUKzIjW%2Fk%2BeXOa3YsPn2BN7jXioCOZ5J1ON6aShmHCYr%2FblZzGYrEbRm04VUO5I6DOw8ZkkZf3kU%2F68etgdBdO74KrN0DL46DVoNPyQVcHYdfHRvYgkxW1lDnZb3KTQpgaeTGHYt3b0vvk7amS%2BDcLyUdLL7Z%2BfnzjmAG3NXJb4yv1hGBF3xpcNBXZvmgqRx6ezwuVqg062fClghZy7rvP5XplrDh72m1%2Be5JPgMl4%2F7J0xTLNhMpWHPn%2BlBJC2jPGckl%2BPOuuSHahdKunSpuV%2BfKFT86cTXMrnVMmG4Kqp1cfgasxeS29Of277%2FxxE8oOYcsaaTkis4Iyu%2BD5Nbh8tPT8%2FqvBe3%2BtwxkCqw85LPdQlfXAttjho1ZjEn79DFqOlh4%2Fu3rydmcZlNVw8jAGJkePnh%2Fwt9wtrFgPtLiBLK3RszV6ugbVm3Dl0UGR29HSr%2B1pgWlvwLT1tpm2%2Bs5BvE7tNWSU%2BIn0W5IlMUs61BdxEsaMxoHssIgGKNyY3%2F737%2F8AAAD%2F%2FwEAAP%2F%2FKFsnFpcEAAA%3D HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Cookie: u_pl=15805124; uid_id2=3d418ed7-4eab-4c55-b316-19aa4148e7dc:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec917ebec7789aea44fb9088eca9d68453=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 13:34:39 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: af8f17920e250e919606db2717d5c764
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c770ed8e1043091817cf67c2338116d2
eb799e23dbf7d7fd82d63ec0220007e5b8196e48
addff025294dc6a89ff5f686910eb51ba8791c40f50b1c6b63ddc4c8db5808cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ADDFF025294DC6A89FF5F686910EB51BA8791C40F50B1C6B63DDC4C8DB5808CF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12998
Expires: Fri, 02 Dec 2022 17:11:17 GMT
Date: Fri, 02 Dec 2022 13:34:39 GMT
Connection: keep-alive
js.wpshsdk.com/npc/sdk/common/core.js
200 OK 36 kB URL HTTP/2 js.wpshsdk.com/npc/sdk/common/core.js
IP
ASN #39572 DataWeb Global Group B.V.
Hash 2390c7f802b0c34afcf25b07c9b36c75
d094159b6d0b79921d27399c89faf02391bc5066
9aa4d939568a0bf4ba5454ec669999c368f9f1916a6bffd3c0458c8592949450
GET /npc/sdk/common/core.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.newarabsex.com/
Origin: https://www.newarabsex.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:38 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 25 Nov 2022 14:22:37 GMT
etag: W/"6380cfad-1861e"
content-encoding: gzip
expires: Fri, 02 Dec 2022 13:39:38 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 7007a042a79310c8938c279ae7eec8e5
8b72d7da27205ce31ff5497ba5428808a498dd7e
8188a5b1208fea4f2bdb97e404aefeb04a89ad62bc16ba2512e3a660b68b67af
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8188A5B1208FEA4F2BDB97E404AEFEB04A89AD62BC16BA2512E3A660B68B67AF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5351
Expires: Fri, 02 Dec 2022 15:03:50 GMT
Date: Fri, 02 Dec 2022 13:34:39 GMT
Connection: keep-alive
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=327
200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=327
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Findex.html&l=1300&fd=327 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Cookie: u_pl=15805124; uid_id2=3d418ed7-4eab-4c55-b316-19aa4148e7dc:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec917ebec7789aea44fb9088eca9d68453=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 13:34:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
b.clarity.ms/collect
204 No Content 0 B IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 15489
Origin: https://www.newarabsex.com
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://www.newarabsex.com
access-control-allow-credentials: true
date: Fri, 02 Dec 2022 13:34:39 GMT
X-Firefox-Spdy: h2
sw.wpush.org/ps/sw.js
200 OK 2.9 kB IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (8695)
Hash 1671ed5a74ab91bb574274825da4d442
a1572a8eb9d873860688f275bde743eba1f17de9
a2bd956f5ac4ec56f3719bcf1093b79f3ca917937a38911ad10651e960c81738
GET /ps/sw.js HTTP/1.1
Host: sw.wpush.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:39 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 25 Nov 2022 14:22:37 GMT
etag: W/"6380cfad-158c"
content-encoding: gzip
expires: Fri, 02 Dec 2022 13:39:39 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash 7007a042a79310c8938c279ae7eec8e5
8b72d7da27205ce31ff5497ba5428808a498dd7e
8188a5b1208fea4f2bdb97e404aefeb04a89ad62bc16ba2512e3a660b68b67af
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8188A5B1208FEA4F2BDB97E404AEFEB04A89AD62BC16BA2512E3A660B68B67AF"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5351
Expires: Fri, 02 Dec 2022 15:03:50 GMT
Date: Fri, 02 Dec 2022 13:34:39 GMT
Connection: keep-alive
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
200 OK 322 kB URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/girls.png
IP
File type PNG image data, 729 x 331, 8-bit/color RGBA, non-interlaced\012- data
Size 322 kB (322399 bytes)
Hash 47b7ae41a98644de6d46d58a0e51a793
b0f736609af3c0b3214ee52cc9f0798dcc972df6
b2ad5bf8fc066203168fbceb53b7df6012e8897be344b240e94105af1b4ba0f2
GET /sb/notifications/games/nutaku/multi/2/img/girls.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:39 GMT
content-type: image/png
content-length: 322399
last-modified: Wed, 07 Sep 2022 14:37:32 GMT
etag: "6318acac-4eb5f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1467810
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lH3Ic6t6R28QX61YfS4pkz9ufnKpPZNudcF0UU7nOob16uytHdW0oibtsIEsGFqbPAFZERsHiQOSrkMTA15wO9B8NHvqhYKph4dXEFieOWyLAZF60Fp4Z%2BpN6zPL39xMUknG3g4s9dF9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773470f98a6f405e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fanimate.css&l=79249&fd=359
200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fanimate.css&l=79249&fd=359
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fanimate.css&l=79249&fd=359 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Cookie: u_pl=15805124; uid_id2=3d418ed7-4eab-4c55-b316-19aa4148e7dc:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec917ebec7789aea44fb9088eca9d68453=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 13:34:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg
200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd8ad22c2eb1eb91c76970fa449f1bc4
0de97f3a4964038222bd751e043e413113e6db9d
668f805815aede3bc04f8564bd6aefd56029362bb0aa8a794673eb78ab2d4643
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5183c67-4568-43c8-a2e7-7b41f5ca064b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 4834
x-amzn-requestid: 63a0b8b5-5cb3-4a1f-aa46-47c84abe726f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQrjEeAIAMF3sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7e3-0032799009f893ba79f314db;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:02:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 02EF3QEVKmEB2ikbGk9gzQq7_VMi00ufHUNRFTL8MpwJKaXQwdT8HA==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 03:42:27 GMT
age: 35532
etag: "0de97f3a4964038222bd751e043e413113e6db9d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=361
200 OK 0 B URL HTTP/1.1 tallysaturatesnare.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=361
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fnotifications%2Fgames%2Fnutaku%2Fmulti%2F2%2Fcss%2Fstyles.css&l=11401&fd=361 HTTP/1.1
Host: tallysaturatesnare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Cookie: u_pl=15805124; uid_id2=3d418ed7-4eab-4c55-b316-19aa4148e7dc:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec917ebec7789aea44fb9088eca9d68453=[3789938]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 02 Dec 2022 13:34:39 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
www.newarabsex.com/%d8%b3%d9%83%d8%b3-%d9%85%d9%8a%d8%b1%d9%8a%d8%a7%d9%85-%d9%81%d8%a7%d8%b1%d8%b3/
200 OK 0 B URL HTTP/2 www.newarabsex.com/%d8%b3%d9%83%d8%b3-%d9%85%d9%8a%d8%b1%d9%8a%d8%a7%d9%85-%d9%81%d8%a7%d8%b1%d8%b3/
IP
GET /%d8%b3%d9%83%d8%b3-%d9%85%d9%8a%d8%b1%d9%8a%d8%a7%d9%85-%d9%81%d8%a7%d8%b1%d8%b3/ HTTP/1.1
Host: www.newarabsex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:31 GMT
content-type: text/html; charset=UTF-8
x-cache-handler: cache-enabler-engine
vary: Accept-Encoding,User-Agent
cache-control: max-age=31536000
cf-cache-status: MISS
last-modified: Fri, 02 Dec 2022 13:34:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hFps0xAx2RGZ0f8UakghYKYH1HsiXVuG7LKeGrz9agpCLzRKMjm%2FCEIs3fl%2F2UXI5dasGaLkyW%2FpdiDmXdvTIFZfcWT%2B5n9fNuweCKsZblfDx2EEzNtPF1VHwrlAIhGeCeY88Kc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773470c45f49fac8-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
200 OK 0 B URL HTTP/2 friendshipmale.com/sfp.js
IP
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:38 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 02ea399d3f0ef23eb5fb2585165a6156
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 02 Dec 2022 13:34:37 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OcaxPVtQYuSR%2Bj8NKqdLTR1NdR15LxbC%2BAteKMdRwS%2BqThCbPN3DNhCKY6xrfpV9%2F5U9TCiq6xa7ijODI1Nxc3n7IOZKWlGZCLnKakyrvJr%2BJmlddjgV1mLUoFgtzRinM9A6jxo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773470ef98d97741-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP
GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.newarabsex.com
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:31 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 773470c889a5b506-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/img/close.svg
IP
GET /sb/notifications/games/nutaku/multi/2/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:39 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Aug 2022 08:55:17 GMT
etag: W/"62fdfe75-415"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1467810
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5svk6uDKeOvfZgAPfh1PBh7DixmA%2BpzmLf8YTFHX50MA7Dq9FD1jx%2B5TVD146NL2MVvaFubmxBO1n8X3S0hAqkptvAosH8KEgO8%2BfINjG1FmtYtrFEoe8LQmWpfAfFkZSzww3zoUukY5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773470f98a6b405e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
200 OK 0 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/games/nutaku/multi/2/index.html
IP
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/games/nutaku/multi/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.newarabsex.com
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:39 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Thu, 15 Sep 2022 10:38:26 GMT
etag: W/"632300a2-514"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Fri, 02 Dec 2022 14:34:39 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/jquery.min.js
IP
GET /sb/notifications/games/nutaku/multi/2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:39 GMT
content-type: application/javascript
last-modified: Thu, 18 Aug 2022 08:55:27 GMT
etag: W/"62fdfe7f-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1467810
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9onyiTPgp%2Fm00bpZYhFlqWdRnHnowrxwtwGukqM1JptYJG5%2F8llE5qoUszCOyHAnW0Tbk6A4%2Bss5Uw8GnLV%2F%2B6721AO%2F%2FOxvzMfH3IiFNdtV9I7U%2BGRuZg%2Fx73RxPsyF7kKCGI2Jqwvu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773470f97a67405e-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/animate.css
IP
GET /sb/notifications/games/nutaku/multi/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.newarabsex.com
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:39 GMT
content-type: text/css
last-modified: Thu, 15 Sep 2022 10:38:28 GMT
etag: W/"632300a4-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UOM%2F5clGqFeup6hcoO15E4gRP9ecInhCyaNBJn3Lk%2F%2BkSUWD%2BqDR%2BtVPeVL6klSbeEKb1jWNfhTf%2FQOoB3zwv4zaabB%2BofnLSPPkoQW3N5Q1xgnZG8OKY7paZXojlLIKNjdY402uh%2B7m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773470f91c2c72a6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/css/styles.css
IP
GET /sb/notifications/games/nutaku/multi/2/css/styles.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.newarabsex.com
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:39 GMT
content-type: text/css
last-modified: Wed, 21 Sep 2022 08:03:32 GMT
etag: W/"632ac554-2c89"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hpfQXN7miif31W0MKNzVc4sgGE1eVVZ0q1XvGZZ%2BxApAEZbJ5p85ajbeAw%2FrD6g59%2F3eDh91Ov2WIxHEXD7CNSTo05uqEhw4Yih3HvTbn2NCvHL%2F6Pz0eTGHZ%2FtctEw8v2XFrWqRMxpA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773470f90c1b72a6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
duckswillsmoochyou.com/lv/esnk/1891932/code.js
200 OK 0 B URL HTTP/2 duckswillsmoochyou.com/lv/esnk/1891932/code.js
IP
GET /lv/esnk/1891932/code.js HTTP/1.1
Host: duckswillsmoochyou.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:34:37 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-1aaa0"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
ta3nfsordd.com/get/1888413?zoneid=1888413&jp=_clchqg9fb8ng7q3n0w8v4p&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=6583368802832532
200 OK 0 B URL HTTP/2 ta3nfsordd.com/get/1888413?zoneid=1888413&jp=_clchqg9fb8ng7q3n0w8v4p&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=6583368802832532
IP
Analyzer Verdict Alert quad9 Sinkholed
GET /get/1888413?zoneid=1888413&jp=_clchqg9fb8ng7q3n0w8v4p&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&sp=0&cid=6583368802832532 HTTP/1.1
Host: ta3nfsordd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 13:34:37 GMT
content-type: text/javascript
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2212020834a08a49b77d4a47389df918a1ef; Path=/; Expires=Sat, 02 Dec 2023 13:34:37 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
8bbc81b016.d1bcb5ca9f.com/bfe0a2dd4afe58f656f20f79c17d73c6.js
200 OK 0 B URL HTTP/2 8bbc81b016.d1bcb5ca9f.com/bfe0a2dd4afe58f656f20f79c17d73c6.js
IP
ASN #39572 DataWeb Global Group B.V.
Analyzer Verdict Alert quad9 Sinkholed
GET /bfe0a2dd4afe58f656f20f79c17d73c6.js HTTP/1.1
Host: 8bbc81b016.d1bcb5ca9f.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:37 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 13 Oct 2022 09:19:10 GMT
etag: W/"6347d80e-16007"
content-encoding: gzip
expires: Fri, 02 Dec 2022 13:39:37 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push.m.js?v=1
200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/push.m.js?v=1
IP
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/push.m.js?v=1 HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:37 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 25 Nov 2022 14:22:37 GMT
etag: W/"6380cfad-f33b"
content-encoding: gzip
expires: Fri, 02 Dec 2022 13:39:37 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/main.js
200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/notifications/games/nutaku/multi/2/js/main.js
IP
GET /sb/notifications/games/nutaku/multi/2/js/main.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.newarabsex.com
Connection: keep-alive
Referer: https://www.newarabsex.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 13:34:39 GMT
content-type: application/javascript
last-modified: Wed, 21 Sep 2022 07:29:33 GMT
etag: W/"632abd5d-20ea"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A9D5%2BBVJqDdOnsHAu7OM3dt5OWkVFu2StmVHmhNVkg3rL3fm3cKoUWn3fDKlKUMVyq9Uxy5VxcOYzDGIexbdHmqZTYajeurl298j2%2Bu51kQFxScUJDoVChyhiME7hskel0sRWwPV0MMs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 773470fa3e5c72a6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
104.21.50.252
13.107.21.200
62.122.171.6
93.184.220.29
157.90.84.242
23.36.77.32
104.16.56.101