Overview

URL www.prayroll.sa.com/ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
IP172.67.145.167
ASNCLOUDFLARENET
Location United States
Report completed2022-10-04 06:51:42 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-04 2 www.prayroll.sa.com/ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb8 (...) Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (14)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS www.prayroll.sa.com (36) 0 2022-10-01 17:18:52 UTC 2022-10-04 06:49:52 UTC 172.67.145.167 Unknown ranking
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-10-03 20:08:49 UTC 142.250.74.168
mnemonic passive DNS r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-10-03 07:33:36 UTC 23.36.76.226
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-03 09:28:24 UTC 34.117.237.239
mnemonic passive DNS ocsp.pki.goog (7) 175 2017-06-14 07:23:31 UTC 2022-10-03 07:14:52 UTC 142.250.74.3
mnemonic passive DNS e1.o.lencr.org (2) 6159 2021-08-20 07:36:30 UTC 2022-10-04 04:13:46 UTC 23.36.76.226
mnemonic passive DNS fonts.gstatic.com (10) 0 2014-08-29 13:43:22 UTC 2022-10-03 23:48:04 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-10-04 04:18:32 UTC 34.120.237.76
mnemonic passive DNS www.prayroll.sa.com (36) 0 2022-10-01 17:18:52 UTC 2022-10-04 06:49:52 UTC 104.21.73.147 Unknown ranking
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-10-04 00:45:50 UTC 18.164.68.8
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-10-03 08:07:24 UTC 34.160.144.191
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-10-03 09:28:24 UTC 52.43.46.140
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-10-04 02:06:24 UTC 93.184.220.29
mnemonic passive DNS hypertechx.com (2) 0 2018-06-07 00:06:42 UTC 2022-09-13 17:18:29 UTC 207.154.203.102 Unknown ranking


Recent reports on same IP/ASN/Domain/Screenshot

Last 3 reports on IP: 172.67.145.167

Date UQ / IDS / BL URL IP
2022-11-02 01:43:40 +0000
0 - 0 - 5 selcuksportshd260.xyz/ 172.67.145.167
2022-10-30 10:40:20 +0000
0 - 0 - 23 www.protectfreefasteffective.rest/bc424d50-1e (...) 172.67.145.167
2022-10-04 06:51:42 +0000
0 - 0 - 1 www.prayroll.sa.com/ypmipjicmkl/gciwc876806ma (...) 172.67.145.167

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-12-01 20:04:30 +0000
0 - 0 - 1 hi.valyoufurniture.com/29557310/orders/1d19fa (...) 23.227.38.65
2022-12-01 20:04:28 +0000
8 - 0 - 10 portlandpogies.com/fb93f4185aea5b548f0fe812e9 (...) 104.21.24.87
2022-12-01 20:04:24 +0000
8 - 0 - 8 comsouthcorp.com/fc46e26a907870744758b7616615 (...) 188.114.96.1
2022-12-01 20:00:55 +0000
0 - 0 - 20 honeydew.spacemind.shop/index.php?main_page=p (...) 172.67.208.53
2022-12-01 19:58:39 +0000
0 - 0 - 5 yptvuuxm.ga/ 188.114.97.1

Last 1 reports on domain: prayroll.sa.com

Date UQ / IDS / BL URL IP
2022-10-04 06:51:42 +0000
0 - 0 - 1 www.prayroll.sa.com/ypmipjicmkl/gciwc876806ma (...) 172.67.145.167

No other reports with similar screenshot



JavaScript

Executed Scripts (7)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (77)


Request Response
                                        
                                            GET /ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 04 Oct 2022 06:51:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J23%2BbzVtGAWOVetGk3MMJ6KWs2OrTXh8prvLmdiKLuK4HYDI4YflU%2FLspStBQttlil4k5uELHTDwtbh4h2wVBF%2F6U6gHJEaL3YRkemRdF9CKS%2F%2FmsCXC2wvxQo%2Fbn8QOs0G63e7f"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 754bfd52e9d90b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (318)
Size:   546
Md5:    6743677a45dabb4c2b853b5302fb2ac9
Sha1:   925adfcb7fd5298aa2e590fc1f134a3b692b1cbb
Sha256: 842d8ce736c002713af89d78f498cf1b4b94de5688db9beea2656730ca10b565

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.8
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 06:04:12 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 86897b9f074001e33ff5cbec58c4bc02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: 2-P7iLUCzJ8jrDS8wOTprfX-rs3ocwXYtGi2Ov9XTm9rITC8sgFdhg==
Age: 2839


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7044
Expires: Tue, 04 Oct 2022 08:48:55 GMT
Date: Tue, 04 Oct 2022 06:51:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A9FB1F7ADE7C8A79D2EE83E9B7215E66DC89AC733B11079297A8F4B9ACEAE1F5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5123
Expires: Tue, 04 Oct 2022 08:16:54 GMT
Date: Tue, 04 Oct 2022 06:51:31 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: euEokuY8Z/xt9rwY4nzNO49mAulpczUomUcZzqIpLWf4G5/m1JO9h5YcwgaEyX+03h/sNAM7XU0=
x-amz-request-id: VSE8G9E1R2TJBZ17
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Oct 2022 05:54:02 GMT
age: 3449
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 04 Oct 2022 06:51:31 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 04 Oct 2022 06:51:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /gtag/js?id=UA-22484186-3 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 04 Oct 2022 06:51:32 GMT
expires: Tue, 04 Oct 2022 06:51:32 GMT
cache-control: private, max-age=900
last-modified: Tue, 04 Oct 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42388
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2039)
Size:   42388
Md5:    ef377c5b03b7638d95472749b34c5f9c
Sha1:   03a1969e6ade49ca3a73dfdf233bd08062b98537
Sha256: 0dcf25022ddd87127254abd506547dc3596d244e2911e62d5a0d14e9157bcda6
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 04 Oct 2022 06:51:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /jquery-1.11.0.min.js HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 04 Oct 2022 06:51:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:03:39 GMT
ETag: W/"62e8238b-1787d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=er1OR79OsEA6dAO90esVL%2Fxkf78k3Sh2R%2FuN56WL1nVAj%2FsAcxdKBbk6TulGcphX88ZuyJdRdVb%2BBJ1b4WHB%2B8vfEtuXWTYiIirB8c7JZYr7a0lmodfz%2BM1tAj44RExUroEGYHjO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd54eb4f0b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (32341)
Size:   33436
Md5:    95fe3f4dd117c33f6015e1c3d6df1d0d
Sha1:   d5b8856932d1ea63f51824de0bb50670d2e960bc
Sha256: e6945ac3f1927f242a9fd7a5cf67720f7763888127a7427eb24ffc52019d4b16
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.8
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Tue, 04 Oct 2022 06:32:53 GMT
Expires: Tue, 04 Oct 2022 07:12:21 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 49e8093d0b1ec293275e8b264631ad18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: 83T9yCMtiGQNAqPsTo85QLgQyT86jHeWHcPrcmaiVs9CCfgFiEhxaA==
Age: 1119


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "B4560537DBBD03C22DB84351B4F7543ECA4448EBA3F85C2054D7C7A0E4067FCF"
Last-Modified: Sun, 02 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21582
Expires: Tue, 04 Oct 2022 12:51:14 GMT
Date: Tue, 04 Oct 2022 06:51:32 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "B4560537DBBD03C22DB84351B4F7543ECA4448EBA3F85C2054D7C7A0E4067FCF"
Last-Modified: Sun, 02 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21582
Expires: Tue, 04 Oct 2022 12:51:14 GMT
Date: Tue, 04 Oct 2022 06:51:32 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3555
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 06:51:32 GMT
Last-Modified: Tue, 04 Oct 2022 05:52:17 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 04 Oct 2022 06:51:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=egKm4688lZhfiQav9oIAH46ihmkBI20US22%2F8dWvrGXiqKhX6tX7yi%2FZZ3gj9bJNjBkcI4Xptj03HIog%2B5Cs25GzxhQ9C4lgyt4FncTrNUBlCogvpdcC6EOTocRkKUAhmxupiBgu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 754bfd591f050b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (794), with CRLF line terminators
Size:   6766
Md5:    f66cf2114da8dbc150f09816f1032d0e
Sha1:   949d3bf3b9482d414d5af5338c83534778d8b56f
Sha256: 782ccfe21e7f697294f713e44e90a41ce8c44761f11f27fa800f2558d264e25c
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/fontello.css HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 04 Oct 2022 06:51:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-3ff"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IoVqwTTd%2BFRPHvdY1bXA64FMgftllZmlydqOjTywx7dynDMtSym8neiSlhAwAA%2FSTLJOhUrMKvuA8H%2BdulHQBUXnTopkXeyP6M%2Brwa48HpgIE7ywwniYTnj78sw%2BQxlCQqBuxgjg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59cd3b1bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text
Size:   362
Md5:    fa15172488a6d5c1b4071c496f2a1cea
Sha1:   6651c83e1ac3023e652d950af44a98d45e3e8b1d
Sha256: 95f7ddd9b2e97857d6b283da41709a8ec905c2901b7f01a1059b9bb4ee2f31c8
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/css_003.css HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 04 Oct 2022 06:51:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-1938"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YrO4T1lA1NutlnI3pOZTDryTfsdjW8hhMgIo3Nly5a5SrgdOwptE0SjAp3pxMwZTyjjp57QWV9qcBKChrqF8sYbrIp7WnBsedaoYOBQJMWzP8lBWkJPtdWGNWs9%2FeSlRRC8BnP1u"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59cba0b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text
Size:   571
Md5:    7e39e166104fc03ebc556c52b4a1dbd1
Sha1:   1fb21c5d048e2f4796462220b772088608ae728e
Sha256: b8b3a9db82c45b6fe8c909b367e5add84657b8c3ab63fdc8c965094ee548d33b
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/css_002.css HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 04 Oct 2022 06:51:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-352a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d1O8%2BjLb11QQ%2Fed6HhZNmk2lK7vaPwP8EVVhcJr1nW95fmLq5A7GCmN4vSMc3PXIkzT8h9hC%2FAQ0XI1HyTN9bxzgC%2BlBbQmP%2FBxCWsAutMiSBQdElytOkkfc0%2BIU7ieUo6XJS2XB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59c810b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text
Size:   777
Md5:    c5072e32da3737607634298a7b205cf0
Sha1:   4b8d40a83ac2ab6499788050ceaf33ffb195185c
Sha256: a55a4206866eb7dd312de9b4c1a6c6ee737d967c5bc13dceb7793bf28f20ec5f
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/css.css HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 04 Oct 2022 06:51:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-62d3"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UVy6h9bQBh3iXlf1CweH2CXNAScGySXZK0%2FtJVMKXgp%2FNwW8vOCUs0SIzi2MYWEdLVpXESRbGj%2BNsaXt4Uc57ZjH31E0zcF33wa1nvFK9VfY3OyDkOa6eNdcVDJmCR5kA5%2F5LQe1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59ca6d0b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text
Size:   1123
Md5:    a116a37be9b0480bef6fdd76cfec6448
Sha1:   a147112fae99b8420fdf2549dd7a7d97ecca8975
Sha256: 04693ca007679e84b975e32e03bb5a7cdc35a2c3d7f023f1ec9f7bec0dbe75ef
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/style.css HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 04 Oct 2022 06:51:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-4c0f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ooLySzr3KOICoi8LYBlsNIMHZPN6h37FzB7b3P3MVGmUux46aVxaK7Iv6UzBtPFsg9Pp%2Ff4SQaWUDtw6tuk2HFvfz%2FOiV3lwC%2BA%2FLQ5ZLnVdN71I35IQk5prY4lkkNUie1odfLqn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59dcd20afe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  assembler source, ASCII text, with CRLF line terminators
Size:   3942
Md5:    62b2d2be03b14deef0cdf9773cdb6f45
Sha1:   28ded02254cd4d8a2aa8230d7ecae82a0e084cf4
Sha256: 27079488d20ff7b332208f04732a188aba343bb632cf5428cee9b691d7eb6d8f
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: S+nj1HC3szb/yUpXEFxZTA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.43.46.140
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9bDX8b2DexArwO802HW5QyAEwqA=

                                        
                                            GET /clicks/chapter2/Rosealbear2_files/bootstrap.css HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-1d970"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d1uGBL3DYx30sXQ6sPWF9peWRyD2egX%2FU8ywCzzHKrQeujYOgmPlW6bIVF782kj3HiVibmuTYD5L7GSVfrOD0CLPJudUI%2BM4zIoOtcjeYwXUMSRfCpDHrNf3bcaEv4vHNkjlmTTT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59bf980b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (65371)
Size:   19577
Md5:    ec33cc046e01c53aec64024058d8de78
Sha1:   d7df0f7a5a950ec42f3f950d5a4eb5dfa0993aa0
Sha256: 73fdef7c62fb183ccf51e35598666c094b3a3b92de0160fb946a708fb1c0f1b9
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/main.js HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-981"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TUbEsmtFLLEZ%2F%2FXG%2Fp7%2FJJmOie49KV%2BaMxbEcBA%2Bi8933IOi3Op4s5NZ%2FcsXjpLhm02nSFfIShbpl0sCNbR2y4AHGRf8F4TDoCgcWmhyrzGb30NBAWGejtvGNP5Ryf9nRWKO%2B%2BIh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5af952b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  C source, ASCII text
Size:   762
Md5:    26566d64b797ad741a932e00c23e3edd
Sha1:   4ebdbc0c6f77a5697e9494b8fe3a650b6bc64719
Sha256: 40421508ddb2aeb8d1551597153e38ad08caa916518e3b3417741fa0b668ecb2
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/jquery.js HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-5da"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m2WX8ePR%2FSLjfw9hBREczQ9mGUZWDvioSbD%2Fmev0ctMUuTufK3%2F%2BcBL9xhA3OZut93KkKoB2WyJOw3OgxEH%2Fbl0mw7sUQvRoIKjI102ejM4TcvUYrPVayA%2BUTaofolxAm2lW5LJU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5b0c250b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   678
Md5:    98ac02ce748fd8b53d3e80cbfe705601
Sha1:   6625c6a4baddbbc4498f83ac01f9afdcd200c737
Sha256: 3a28afa43216be8d653146694eca8369f219a724d092edb8bf8c9ae703a174c0
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /clicks/chapter2/Rosealbear2_files/bootstrap.js HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-90b5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=54XtU9xrDIKsYOQm6IUI%2B8glVtltq5wEK12WSk2fTjtOCrOsf3zojZK0gjQuBe3M%2B3NL7Q8r%2FeJeQK9zSyY4IhCdCcBQSQzNyw6YcSfzbH6BXLottyeHEdiYpOVXt6IjyFWsC2vN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5accd3b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (32033)
Size:   9833
Md5:    5001f34e4d6720378751012dedda52d6
Sha1:   d582a3fa4a2772626a934ade1489dc5e5f97a845
Sha256: 3cbb8f3723828476519f646eed5cd50a490f1cb1a03b9c2e92ad2a749c1dbf5a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15736
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 13:35:36 GMT
expires: Sun, 01 Oct 2023 13:35:36 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
age: 234957
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15736, version 1.0\012- data
Size:   15736
Md5:    479970ffb74f2117317f9d24d9e317fe
Sha1:   81c796737cbe44d4a719777f0aff14b73a3efb1e
Sha256: 48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/logo.png HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 3573
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-df5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qLYr%2BkDP4sBQpspSASzo2nMlsUu8RmGK4hgZbqkxe4%2FAWHa12vhcsnP06r%2Be%2Bjol%2B%2FnDErN%2F%2FVHNVXSyr7cR90buEbZjbYekO0nMQMBpoAUqngaXxDRk2OGAnV4Ck%2B%2FjZLvWbZir"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5b68f50b31-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 198 x 44, 8-bit colormap, non-interlaced\012- data
Size:   3573
Md5:    4e82c9ce56997d98107cad1636373b7b
Sha1:   0f54b8a9398d4c61d77be77fe6d507c305849abf
Sha256: b4ee829d80f8ab9bf4862b2c85178b22e770ddf6601af0fbcf057bea8fa42821
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/close.svg HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/svg+xml
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-364"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BISvYLQaiGvOzFk8otyF9FVdj1pjyM9VC7MHptzTRFBfiHJlE8Pd7MqiaO%2FLHNDdwSrYc%2BX2f2n3lokFHCFjRvbROyhmGoPtuEvaVdcZP7Y%2BuzTQdGpu%2BCujvW0iELJVuNem1X8%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5b6e460afe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   481
Md5:    263717a7c89bd0ec940573fed33e7a89
Sha1:   7e4f19944dafd279f77ce709bc529ce40a0c28b0
Sha256: 664cb275632ea66b8abf5ed6d16a8099b4f317074f32b63b7754d05bd90d4d28
                                        
                                            GET /s/worksans/v5/QGYpz_wNahGAdqQ43Rh3o4T8mNhN.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24032
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 12:47:07 GMT
expires: Sun, 01 Oct 2023 12:47:07 GMT
cache-control: public, max-age=31536000
age: 237866
last-modified: Mon, 22 Jul 2019 19:18:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 24032, version 1.0\012- data
Size:   24032
Md5:    dd4fdc27521a8dbf8c5fb5d3cc1e759d
Sha1:   8100052d2765ac23cd3c8c7b267810e789f6b72c
Sha256: 01d902cdabc6ff88c288546422496ce3267cb0de2623156bb2b200e41d6df709
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v20/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9760
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 17:41:50 GMT
expires: Wed, 27 Sep 2023 17:41:50 GMT
cache-control: public, max-age=31536000
age: 565783
last-modified: Wed, 24 Jul 2019 01:18:40 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 9760, version 1.0\012- data
Size:   9760
Md5:    9d484aa99b936dfe89b6b12df530d138
Sha1:   41298a7f6caa8e6a22919cd7bc23faa990734f37
Sha256: b12b566a4b982d1d9ebdd2f94dbffc73ff39c9f6df112b8752191418538d01e6
                                        
                                            GET /s/worksans/v5/QGYpz_wNahGAdqQ43Rh3j4P8mNhN.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24416
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Sep 2022 07:56:54 GMT
expires: Fri, 29 Sep 2023 07:56:54 GMT
cache-control: public, max-age=31536000
age: 428079
last-modified: Mon, 22 Jul 2019 19:19:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 24416, version 1.0\012- data
Size:   24416
Md5:    de83f55b9291ee1bd05c8ebfb451e088
Sha1:   6cf8149b31a4b1e97ca7134a87c56d23531a8650
Sha256: 5fa4c180ac3f29bd3eb23a142aaf20ca6202f9dff37308be5c57231fb80a3417
                                        
                                            GET /s/worksans/v5/QGYsz_wNahGAdqQ43Rh_fKDp.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22488
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 19:02:21 GMT
expires: Mon, 02 Oct 2023 19:02:21 GMT
cache-control: public, max-age=31536000
age: 128952
last-modified: Mon, 22 Jul 2019 19:23:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 22488, version 1.0\012- data
Size:   22488
Md5:    238c66f0f32567f8b025fa462b139235
Sha1:   a27f5e36161c6194a6f8a135e9e0056028bf3128
Sha256: 29a23ea4b518625595ed555e8edc2e32119a305df5bfecacc1ac38df8a384f9e
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/jquery_002.js HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-15283"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gBXnm5%2BuCxfyuw%2FvxBmskhOFF%2FdWseCDeOtG0stnN8oWoeCSkwQtdQz%2Boudg4QUuig6MfZJB0c4sH1tYUz98sJuPoH0qxWzQMUZC0bDXu8%2Bp4HTWQ4mj6wcZpuG%2F%2Bwt5HM8CiSga"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5acdb41bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  ASCII text, with very long lines (32058)
Size:   30177
Md5:    165a43244de5b28bfdb9422e0ad82b68
Sha1:   dd12888e259036e6c6986a0c65a3b3e38b697f54
Sha256: 200e3fccd025dffd3f7c6ad186f87ea51737db6c85e279b0d8b9626ad7ce1954
                                        
                                            GET /s/raleway/v14/1Ptrg8zYS_SKggPNwJYtWqZPAA.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20864
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 18:46:18 GMT
expires: Mon, 02 Oct 2023 18:46:18 GMT
cache-control: public, max-age=31536000
age: 129915
last-modified: Tue, 23 Jul 2019 03:47:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 20864, version 1.0\012- data
Size:   20864
Md5:    77d77f36bed0a452984832f6b5f22e3f
Sha1:   787b42ec8f4a44925270d81a9fdeda0ba69ba707
Sha256: 0a654aef5d8378e00c1a8a8e6876a8e4246b41cf46a3cabf1bf495617ca4086e
                                        
                                            GET /s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Oct 2022 06:03:10 GMT
expires: Wed, 04 Oct 2023 06:03:10 GMT
cache-control: public, max-age=31536000
age: 2903
last-modified: Wed, 24 Jul 2019 01:19:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15816, version 1.0\012- data
Size:   15816
Md5:    2735a3a69b509faf3577afd25bdf552e
Sha1:   8621aff863b67040010ccc183da5b9079ce6fd1d
Sha256: b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae
                                        
                                            GET /clicks/chapter2/fonts/fontello.woff2?45898082 HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/fontello.css

                                         
                                         172.67.145.167
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9hUjeoVk8twFPQqzBNwjGzFsZTuyiVXOEqFTwxAjb5VFPgTZ9FORKJ6u9Q71pUEUeXZdmdy%2FY1%2B%2B%2FSBmzeOim5CDgGisVoRP7xAGdsieBePQUqn%2FDzp0GYI7L6bvGVB8qgATyg0v"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5bfa2ab505-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   153
Md5:    706a98254456810d3e849c3957af9d01
Sha1:   e461d072a6ba8f0082d6f187eba7f053343529c6
Sha256: 8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229
                                        
                                            GET /s/raleway/v14/1Ptrg8zYS_SKggPNwN4rWqZPAA.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21164
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 07:06:34 GMT
expires: Wed, 27 Sep 2023 07:06:34 GMT
cache-control: public, max-age=31536000
age: 603899
last-modified: Tue, 23 Jul 2019 03:47:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 21164, version 1.0\012- data
Size:   21164
Md5:    6a9b9c422e662a18013ee064fd789213
Sha1:   dbd7535cca2552efef08a77d11956652cc09bcd8
Sha256: ccffda12d4002d59565466849044e53ff6734de84baa233f12a725662d8f8681
                                        
                                            GET /s/worksans/v5/QGYpz_wNahGAdqQ43Rh3x4X8mNhN.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24452
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 14:36:28 GMT
expires: Sun, 01 Oct 2023 14:36:28 GMT
cache-control: public, max-age=31536000
age: 231305
last-modified: Mon, 22 Jul 2019 19:23:43 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 24452, version 1.0\012- data
Size:   24452
Md5:    539ed1a07cb8b137b6825efd1789c2f3
Sha1:   6a46045cbc0a5af52f68d8a65a40df4f5cc6ed6e
Sha256: 681a963b7e247c1376a6af7a6e439256600ac932521623f600faa57a59b4fcb7
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/right-img.jpg HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 59003
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-e67b"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1751
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=82I9xWSP7IL4%2FZkwjK9AiP%2Fr%2Fd%2FO7zp278OLFTEUI2OQxNH3FLVwymZT1WbVxSJqmM5F4BU5H%2BuuCDeAeJnFqvU9FpxVmprTNTdtCfNHervVPyNbkF8sabu9R26ofJ3n9Mpdox79"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c89e60b31-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 340x370, components 3\012- data
Size:   59003
Md5:    d99732520f9cf9d8dceb5eba427bbf7a
Sha1:   bccfd18f099134710852ed7056ab6bac8c8660b2
Sha256: 54be66fc2122141ca45cacc380a1df9ff82b8ae7e317ab630471285f9d07be00
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/content_img_9.jpg HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 98394
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-1805a"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1751
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QNvbm5isoZ7%2F7klEvSpeQY5UOOvKVSsvlMocd2Q4LPhVNoh2auJw%2FEwJSQXRY6cduZcKEKaoSsNMYi4jeLdHXZFPMrD28K%2BXVTh%2FkZppJwlak2gRbu9wgO4wwR74a%2Bq1b%2FceD76z"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c7aa4b505-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x700, components 3\012- data
Size:   98394
Md5:    ffdc5a8e61e0454b2df629887d88af72
Sha1:   cc88f0e1d83d1aca7cecf9912dfee09ab3e4b7f0
Sha256: f52e14cc232b1844f833b1a324de1e84fcac0ca3e133a3f23e6793f7f1e914d6
                                        
                                            GET /s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15872
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 03:08:56 GMT
expires: Sun, 01 Oct 2023 03:08:56 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 24 Jul 2019 01:18:37 GMT
age: 272557
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15872, version 1.0\012- data
Size:   15872
Md5:    020c97dc8e0463259c2f9df929bb0c69
Sha1:   8f956a31154047d1b6527b63db2ecf0f3a463f24
Sha256: 24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/img-3.png HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 294
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-126"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MwHCkZPukZKTjz3KxpG5N1g8RlTIJptUJxuut2TUGs%2BnIUVpCWD5muanMZtfYtrgrJqONvlLcpX%2B7xjeTWZK8IPNp7vdXsyCCrexmiV9rG4HOcUOHX0PChkXq10GpFWz88mv%2F4bh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5bfcfd0b59-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 15 x 15, 8-bit colormap, non-interlaced\012- data
Size:   294
Md5:    1a1eb2244ef7c179f282719259a6f8ca
Sha1:   16f005c160ae1a4f2ad99ca179ce8ba0c1cc38e1
Sha256: 20afb9c7f93cfda5f7c9dd7005fc694e0bb6b58dcae0c833cbcd18620095bb4c
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /clicks/chapter2/Rosealbear2_files/arrow.png HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 289
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-121"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tgSfagWufaFPWRcfAqX8Aq0zRNKaMcbqhYFjKEzMcQcXstHJzGXYxpv%2BdYmI5OxYy7lJ7p251Bcgp%2BUu%2F6W3MYbZ7FZ65j6qjjDIGdPygjZGZWL5VPq4TteF40w5JptE96DhUgSB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c5f130afe-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 18 x 19, 4-bit colormap, non-interlaced\012- data
Size:   289
Md5:    9284cc2371801ec8236759db3a6f6d44
Sha1:   f7d47b2de3093dd20e669829da19f513dcdea11b
Sha256: 56b0b32028571b13ce7ef422145c550fefbb43b2266cc9f70d4b7f5dd968205f
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/valid.png HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 838
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-346"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zKBdZJRl6%2FZqcGCHbnKdrtF71qNCAvcm00sMUtqlR2e%2FIqFZtUrNeIR%2FaYP5c3Hea10NduCsjWlZA%2Fzq%2FY09nFm1%2BE7X89m%2BVathN568R%2BaLwcfn7YVI6J7FuOIB7A9YlWo%2BmVfj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5ca9fd0b31-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 160 x 40, 8-bit colormap, non-interlaced\012- data
Size:   838
Md5:    18277457e4fdfcbc286f601b55a9c40d
Sha1:   44c437799c25c353f0101798580706ca25bd1b94
Sha256: 36dbf76119f6343e090429aec3d924f082b3c1dd9f936e8205bfa64d6222510f
                                        
                                            GET /clicks/chapter2/fonts/fontello.woff?45898082 HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/fontello.css

                                         
                                         172.67.145.167
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yjtir0uGqBE4%2F84kvA90%2BniOpPoOInHqrUEJ9GUdJRDzAVaSuQ4SONFoLAQYW%2BjFSEm7VBSXIMOKH47W1BrJcQLSRGFLeH0kMLiFQgh%2BsiLud0i2t4IA7EwnT5mj%2Fc8I3teDbWss"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5d0de70b59-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   153
Md5:    706a98254456810d3e849c3957af9d01
Sha1:   e461d072a6ba8f0082d6f187eba7f053343529c6
Sha256: 8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4D4FF9BFFE6F4E26ED337B0A621DFFA9E8E3E767A9A399904E429E3400CB96D6"
Last-Modified: Sun, 02 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21518
Expires: Tue, 04 Oct 2022 12:50:11 GMT
Date: Tue, 04 Oct 2022 06:51:33 GMT
Connection: keep-alive

                                        
                                            GET /clicks/chapter2/Rosealbear2_files/content_img_8.jpg HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 61753
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-f139"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fm1n6ICcrVis27qtyn%2BpAR8824YoUmVUNQRHM32U%2FAvi8Ps71iXbb1%2Fas6VD9rXzbHH9od28fUhwEvifTiIvlP6EpEjgZ%2BKV%2Be99lh0%2Byx7S%2FU4cKT0II3gs3AD6cB5oV0sClBCJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c6f0a1bfa-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Size:   61753
Md5:    6edf8643b514603690c06de8ea3e4129
Sha1:   91512b3ccd19830c07e45daee88a457570271229
Sha256: ae6dc96b4556a07b5074c30d69e4b12a2e10716043ee6614d634fe4cd9a224a4
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/top_img.png HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 179725
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-2be0d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2dPdxB5%2FcdNbOgHmwIHx8%2FmEqofx3tieo%2FecUR76xjqAdY5P7jICpyjws04drXRjNCBG%2B43s0GJeT18xpeUnlL%2BUEmZiYREeNXymjD8wXufZ0q37Q%2BLYZ1E67yIiQbQR60Q%2F4WCz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c5ec4b50f-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 624 x 605, 8-bit colormap, non-interlaced\012- data
Size:   179725
Md5:    029dd9292628872efc08c2398578c6e8
Sha1:   465806088f465ab0a1901621cc25771aa6126f0e
Sha256: 37590258e5a3035b9cf3f38f1ef11090942c3895559753f622a2ed9707b395ab
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/content_img_1.jpg HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 90632
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-16208"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bN5Hg4J8fKivCcKdyOBd8KYlEUaSRGwOWDXOjam2%2FfhXezDzAALbqFwnemOevnFqGfoAcfdZasp46pD9i8Ch7X2OEdIMQEP%2B%2BjyzAgZTG7B7leKMBmBKPmw7VlcT1mRwSfSUW7Yg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5caabeb505-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Size:   90632
Md5:    a905e5411833c4631ecfda393a509db3
Sha1:   17dd38c12a54efffb10cdb2b1c6480ae01002ed7
Sha256: 9a22d24847681f53aa3ea530cd1c855190cd5f687b0f2a5e4cf98237dbb0d2e4
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/content_img_5.jpg HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 92034
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-16782"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1751
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AxwSCWPjyecufpDC4gZfqAJiAy6HZudYgY4kY%2FFtjJKJcRSedgtieEm4Pi2IWLzfQ%2BjeJkYuWRiuxtJXCaM8PqsOsEfF%2B70ypD8JJFgxSe5dyulPZVyT1KW1p237I5cj6IDATHtI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5df8dcb50f-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Size:   92034
Md5:    3e7500b87b9bcf16a1b82d302be69ff7
Sha1:   10b61015be6f5ac86c28f468e0fbda9dfa497821
Sha256: acfa44424d2d360c7f163559f8ab7e43c87ef50402a375f7f12815c9e097fe5f
                                        
                                            GET /clicks/chapter2/fonts/fontello.ttf?45898082 HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/fontello.css

                                         
                                         172.67.145.167
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j0o9mZGrP4VaW1Zp%2FsOF5DdVN3O4KwBIO2X5oUS4eG9a1I1pEeMFbViwcqkb%2Flo4njahSAr5WAwxoe9bdIGfn0XEivDqmp7QkH6%2BXfFhFIgROh%2BpGdi0NrUatprYLdTXjvMLobeT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5dc8031bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   116
Md5:    d6e62b966693d7822072903ae8310d00
Sha1:   2de307cf4db56a090d7633f2da9ce6d224f6ffb7
Sha256: 36bd7d3c61ddaa2cfd74438dfcc2552f527a5299abc17957073a05d4b1d5cecf
                                        
                                            POST /ps//templates/Pixel.iframe.php?net=2979&aff={AFFID}&sid={SUBID}&cid={CLICKID}&type_detect=retargeting&prod=rosealcutebear HTTP/1.1 
Host: hypertechx.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                         
                                         207.154.203.102
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 04 Oct 2022 06:51:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 04 Oct 2022 06:51:32 GMT
Cache-Control: no-cache, no-store
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   92
Md5:    1d70ef45582c344c6ce7a88da3042424
Sha1:   6af8dfb071d50ccc65aa7d12c184a0cad218b913
Sha256: 04b3828c54adec784e53b1ef995cec191c197a820e73ebb98718f3c418a067a4
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/content_img_2.jpg HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 52404
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-ccb4"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vIjRWjzdrNnm6v6f5W8pLj2gqoTx7A9XG3o8nbEDxYCZcxMvkOgIXFVujWlc11dSAs8duNGB9POpF3qkGSsGDsbsJrHSkG%2BDMkCX9eXM96HvRzoGvGB%2FQ98cvPUhmRnWyoO6vjjh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5d580c0afe-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Size:   52404
Md5:    6124e5518e11d807eb80e1cd077262ba
Sha1:   c83380a6f1a54286df12d4171611872d99493151
Sha256: 13613ef8211578ce3d308c300cee8fc35ef9db5e4bb75e38e9bcf092c9e74566
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/content_img_4.jpg HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 65444
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-ffa4"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TTGIhWzHx4EVZX0UvO5%2BslKDn6YEa6B4yPVhyzcPQs2k73%2BgdEuAID9rn37R8UkePEytBZjFlrYnG2rdZmp%2BdV0zdmgGI2G8sQ4wmT4BOVT50z9LF3DvTX9Y06ezo5Lf42gR%2Bcup"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5d9e720b59-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Size:   65444
Md5:    a3358ba5fd7ece7926640d6b9ead7f6c
Sha1:   d2c88ac2ab3a0a95efef69114d98d5fd580759e0
Sha256: 21e0da1da05c6fe3e6b5d9821de45ce576c6cedd846c53e2bb562d93df59c63f
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/banner_img.png HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 19033
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-4a59"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9CSCCWzKWx%2F%2Fx%2BdVJm24lB7GhsdGeNAWTtOzoHFirYUtoOur6zknaKBFomDUBIjDvcTpq33JmbV8S010QaVJCPidl5RrNZnPaAMHOEUOh4gvV2j8vnAG9hsg3Jq6WgkxCcS8%2Fbqh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5e08eab50f-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 187 x 155, 8-bit colormap, non-interlaced\012- data
Size:   19033
Md5:    0e296e0df65e7a07403eb0ebaa802118
Sha1:   93a34fe18c0f99579ba7429759dd5463456888fa
Sha256: 9e8a5ba4d77c92a6249b1c868112a6e1fcf1a0090bdb27a4202cf74ad80d13fd
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/content_img_6.jpg HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 64600
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-fc58"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rCP36aycBjmg9D6Nbsz4VNt5FVssnP20xjgp1SBKnHL1yBDJGnVrvQ4JWdbZI5PKqs9Twjs0yjWBbVTq%2Bo%2B0k3O4X56eA%2Bk0RsSxHZKxRAxxm9auWvnRibwB3j6XgfKXmHBZ3eRu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5dfc22b505-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Size:   64600
Md5:    2b1fdc001fde3c8aee2dc4f38d7cba28
Sha1:   76c57160bcf5d64b49018d5510915d903b67b34c
Sha256: f172bbc39569b63d61d5ba7589f4272c64aa93cade0a9fab5958b99e19bcdfff
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/content_img_3.jpg HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 115955
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-1c4f3"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sngWL%2BfkiBmTaGlyyF9wnDZTHhmZXfvS4XZCEErZWEg4PGVpXUwVUUlonP%2FhHeoiwb%2BVvZwBmsqqn8RgbxpG2i%2FdoHaTQFGURBm4afZ2hxrnG767QGwU9GzkFHvk0X26%2Fs2x%2FuY2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5d9ac70b31-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Size:   115955
Md5:    7634003e6c65ae0ba860389e31fa3f98
Sha1:   40debaf86813ea40f673c26147f61d81306a2df9
Sha256: 625882531849b98ac0cadcaf37a842dbd9badb8e66a2fb6b3aa0ef3ab7fa8fdf
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/banner_img_m.png HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 22215
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-56c7"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2t5Hpz3RlbG2YrZHNYd8jxCb%2B9iQZt6dfKaN000GW%2B2HDTa%2FhBMf51yqTXcX8UBbCi69O%2BnRIOo7MYo51vm1d5fu38b7p%2Fd9%2FWg6YSj0%2BbELUVFE7ynU2vwhszphnxgAh41KdaBK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5e184c1bfa-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 144 x 219, 8-bit colormap, non-interlaced\012- data
Size:   22215
Md5:    d6ea637fe3810bf2a1a5a8c64db79fb8
Sha1:   2e84b9125dd14c39fef5229501b726e5999f5956
Sha256: 593728b2750109be90b9f485f6574b82a035f1aeb03da08b9349691d30aa0b65
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/cart_img.png HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 245
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-f5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4OcSOo70Bzo4tHOsO0tPvEPXzwyI1sQuFNnOewyLvpqAhQjV2sDQNHrIe%2FSlHFldCj0UDJ9cHsiFTrg%2FYmL8yvE1A7ZqBeTNYz5hEGkLhlcuWhTzGxhx8gZv9LdniS9Y6qE%2FnmUa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5ed93e0afe-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  PNG image data, 17 x 13, 4-bit colormap, non-interlaced\012- data
Size:   245
Md5:    a9c8f42db429e81d832e982ed6c6d2b8
Sha1:   86b6c9af64b78bedde25d140a18f29b747ec952b
Sha256: f5318d67f0717460be562b2579117009d1eb3f6df57523536ca350141f57ff02
                                        
                                            GET /ps/rosealcutebear/img/favicon.png HTTP/1.1 
Host: hypertechx.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         207.154.203.102
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 3138
Last-Modified: Mon, 27 Jan 2020 12:49:49 GMT
Connection: keep-alive
ETag: "5e2edc6d-c42"
Expires: Thu, 03 Nov 2022 06:51:33 GMT
Pragma: public
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Size:   3138
Md5:    8d9a6188a5d8039cb6673e702843089a
Sha1:   9ea84cc7a749d1f3ecac6d5b9df01b5107839d4e
Sha256: a42a4f95df0de366dade605621b9e3b8b9aea841d4cfa0cd9d9509701e569dcb
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6199
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 06:51:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6199
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 06:51:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6199
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 06:51:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6199
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 06:51:34 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 04:42:53 GMT
age: 7721
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6315
Md5:    206fb65e75dbadf119512f71e0b78402
Sha1:   58ff0bf8ce7528b303d28bab01a80ad721705569
Sha256: 56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p5nOqBojKO6S-c_DxIu8B3p-NK0pzRHkz0DOPeyv7PQt9h0x1jdtoQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:54 GMT
age: 32140
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9917
Md5:    d8c08f8066cc732de8befd6ccd629a95
Sha1:   22aab05208a01ae5def4d63dc145085630f57bcb
Sha256: f8a560a0563518d992d0bd2655d2b5c406435a18e874ca00b51374d2ff901770
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8534
x-amzn-requestid: 8ae51cd3-697b-47ed-8493-8f83e2bc7469
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHuHlXoAMFucg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-165d72034440cf810d42f3bd;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LPt8LUVoKhXjfz-jZHLmnWD15tQgSLRaxl-Bsl0UU83G7wm3jj7_mg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:37:24 GMT
age: 29650
etag: "2b9f6828a38da81b40dcad033572e48b4c5896db"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8534
Md5:    f2287c489794dab0e9ba923a2057988f
Sha1:   2b9f6828a38da81b40dcad033572e48b4c5896db
Sha256: e853fa2acf2425d14cb9746e8bbd45c8765598d2bb630859086b4668182dbf6c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4fcdf5f2-fb82-429f-a6f0-8f79d8aa9106.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9455
x-amzn-requestid: c7e1aa21-0afd-4329-a886-ca52e1a30c7e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqJXHLUIAMFU1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5708-1905710834041431314b11be;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:41:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: D-2NszpZ31D2YAbZRcPdqN3zZ2ScANt6bokfSbANgnsXBoTF2d__AQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:08:09 GMT
age: 31405
etag: "cf021352d993967e78552b275424ff139e4ef66c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9455
Md5:    50556325e5a38a5dd7802b1391815bcb
Sha1:   cf021352d993967e78552b275424ff139e4ef66c
Sha256: 96fd2e848a45d071e334a8d08c8b89215f80f01f947af6da2efaee72dd16914c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11955
x-amzn-requestid: ce6bbe93-95b0-4b6e-a8bc-012796485e67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zcqb9FUtoAMF0WQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b577f-59dc0a18523f900a059aa5df;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:43:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: tJwzKfs7HnQ7dVcINwnlzxTChXiEi4JPj8jrS8p5KhurRx_o3ZVOZQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
etag: "e2ea2ef6805e391c497e62e101e76a0bdecfce64"
age: 31235
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11955
Md5:    54b3ef7aa50273b78b59c24511b0c1f9
Sha1:   e2ea2ef6805e391c497e62e101e76a0bdecfce64
Sha256: 296e8954022d5160137b3e02ab5085a15cee7c23cd6d4ca61b36880706062457
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92f8209d-8dc3-45f5-bfb8-151edb23e30c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4996
x-amzn-requestid: 2f13b6ea-4426-4b3f-81be-5d8ca0278ce7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcrokFkroAMF0XA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5969-421b4993676a68df2b43ad65;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:51:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0s9K75q7TzjbFBJ3vviHLcItPRb6CP2URJRYs2k9JmppyWHKvzv5hg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
age: 31235
etag: "16f2fe758de4ebf7d654cb9669c73f030eb1fdef"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4996
Md5:    126f1f4538e5e4228a4f36d3b02e9d62
Sha1:   16f2fe758de4ebf7d654cb9669c73f030eb1fdef
Sha256: 594210beaabbc35a37d5d648836277f950e46b2d4c2eab2abde2d33beafdff37
                                        
                                            GET /offer.php?id=184&sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         104.21.73.147
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Tue, 04 Oct 2022 06:51:32 GMT
x-powered-by: PHP/7.3.25
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7z2PmySfq1tg4winwFMMAA2O8VmmQ0KZ%2B%2B96eAP%2B84jqfj1c1nF9P%2BzJ%2FF7ymqedKDjXwjY1GSaSVlNhv4GJVgU0GwbaIqvL0Oyuv%2B25pLhd32yei8RyclDYXBZ1AFtmXFnGweOe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754bfd57f8e0b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /clicks/chapter2/Rosealbear2_files/content_img_7.jpg HTTP/1.1 
Host: www.prayroll.sa.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

                                         
                                         172.67.145.167
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Length: 93953
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-16f01"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1751
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Xw4lUaqrkzmZMmidmxVPdj7NvtEWAWIjLII%2BACezyUOfv3yxRjIjJ6fLu3kIeVICvY%2F6MkCCSyaGqy2kmAw1ZF95L7J2d1tKmRSjxpqAA0ae%2B%2F34X1Z3x%2FIkDYnyQiio11qTMpn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c69bd0b31-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---