Report - www.prayroll.sa.com/ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv

Report Overview

Submitted URL
www.prayroll.sa.com/ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
IP
172.67.145.167
ASN
#13335 CLOUDFLARENET
Submitted
2022-10-04 06:51:42
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	652 B	1.5 kB	23.36.76.226
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	4.9 kB	142.250.74.3
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	375 B	43 kB	142.250.74.168
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.43.46.140
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.8 kB	204 kB	216.58.207.195
www.prayroll.sa.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	21 kB	1.1 MB	172.67.145.167
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	18.164.68.8
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	6.2 kB	23.36.76.226
hypertechx.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	928 B	3.9 kB	207.154.203.102
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	58 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-04	medium	www.prayroll.sa.com/ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/jquery.js	1.5 kB	2023-03-08	2023-05-18
Pretty URL www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/jquery.js IP 172.67.145.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:31:27 Last Seen2023-05-18 00:50:05 Times Seen5 Hash 4b231ef5dc73039b29a002cb278b220c ced7fb63c17056d86d80f37c37028bf12df839f9 b730645f31d4a7f6d2fcc501bfd781c11ef54a6b898107e76f1aa8ee7e08c515 Loading...

	www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe	543 B	2023-03-08	2023-03-08
Pretty URL www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe IP 172.67.145.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:31:27 Last Seen2023-03-08 05:31:29 Times Seen1 Hash 979de84b6e7b17874c97ac1920c72019 32775d86ee96003b39781a769dcc8ba5df50984e 0cde114ed9aec91fd41cd6c771267bd4bd746653cd84d5cf37b54a9e3aef9969 Loading...

	www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe	2.3 kB	2023-03-08	2023-05-18
Pretty URL www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe IP 172.67.145.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:31:27 Last Seen2023-05-18 00:50:05 Times Seen3 Hash d41f11bc03b5d42cf7aa16924a26734d f6c8e79c8ead93bc1b5832c6c16ff00ea574c3e6 11716ed10140607354862530383c77a13674c00436c386359ff6502441f867cc Loading...

	www.prayroll.sa.com/jquery-1.11.0.min.js	96 kB	2023-03-07	2024-04-25
Pretty URL www.prayroll.sa.com/jquery-1.11.0.min.js IP 172.67.145.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-04-25 12:11:37 Times Seen18514 Hash 8fc25e27d42774aeae6edbc0a18b72aa b66ed708717bf0b4a005a4d0113af8843ef3b8ff b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682 Loading...

	www.prayroll.sa.com/ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe	340 B	2023-03-08	2023-03-08
Pretty URL www.prayroll.sa.com/ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe IP 172.67.145.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:31:29 Last Seen2023-03-08 05:31:29 Times Seen1 Hash 714927cc790c3da5a3ad1b9f2c273047 15c2ee03fad076b5faf9ec2002f4683a25f9935f 6f45407dda1d2fbb85023e4853fa2a3d781591da4b6a65c23ac6be5d3d8d37bf Loading...

	www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/bootstrap.js	37 kB	2023-03-07	2024-04-25
Pretty URL www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/bootstrap.js IP 172.67.145.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-04-25 12:55:46 Times Seen54595 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/main.js	2.4 kB	2023-03-08	2023-03-08
Pretty URL www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/main.js IP 172.67.145.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:31:27 Last Seen2023-03-08 05:31:29 Times Seen1 Hash ca81720e6e77d0ab1500612c135f36d4 3d402916cf369c6a0bf2cc598693b8df5e5b1b20 11c6db8b868e2f44d4e83041a67bace7b2bcac1eae77625c478e9fe775d1d023 Loading...

HTTP Transactions (77)

URL IP Response Size

www.prayroll.sa.com/ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

172.67.145.167

200 OK

546 B

URL HTTP/1.1
www.prayroll.sa.com/ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (318)
Size
546 B (546 bytes)
Hash
6743677a45dabb4c2b853b5302fb2ac9
925adfcb7fd5298aa2e590fc1f134a3b692b1cbb
842d8ce736c002713af89d78f498cf1b4b94de5688db9beea2656730ca10b565

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J23%2BbzVtGAWOVetGk3MMJ6KWs2OrTXh8prvLmdiKLuK4HYDI4YflU%2FLspStBQttlil4k5uELHTDwtbh4h2wVBF%2F6U6gHJEaL3YRkemRdF9CKS%2F%2FmsCXC2wvxQo%2Fbn8QOs0G63e7f"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 754bfd52e9d90b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/

18.164.68.8

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
18.164.68.8:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 06:04:12 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 86897b9f074001e33ff5cbec58c4bc02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: 2-P7iLUCzJ8jrDS8wOTprfX-rs3ocwXYtGi2Ov9XTm9rITC8sgFdhg==
Age: 2839

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7044
Expires: Tue, 04 Oct 2022 08:48:55 GMT
Date: Tue, 04 Oct 2022 06:51:31 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a1073a68ed38c8e3575e889224db944c
ee2a7a3e2da77a8540131f9ffaa0a20d4dd486bd
a9fb1f7ade7c8a79d2ee83e9b7215e66dc89ac733b11079297a8f4b9aceae1f5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9FB1F7ADE7C8A79D2EE83E9B7215E66DC89AC733B11079297A8F4B9ACEAE1F5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5123
Expires: Tue, 04 Oct 2022 08:16:54 GMT
Date: Tue, 04 Oct 2022 06:51:31 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: euEokuY8Z/xt9rwY4nzNO49mAulpczUomUcZzqIpLWf4G5/m1JO9h5YcwgaEyX+03h/sNAM7XU0=
x-amz-request-id: VSE8G9E1R2TJBZ17
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Oct 2022 05:54:02 GMT
age: 3449
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 06:51:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5ba23234dfb31276cc3bf9a347508595
a225d0a9ecf5d7f0032816c6f3d4a5ae1f3b27a3
33558bed4856ac3f2a7267965521b316ccd3ccc669877994c6c590e2d2a1b559

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=UA-22484186-3

142.250.74.168

200 OK

42 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-22484186-3
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2039)
Size
42 kB (42388 bytes)
Hash
ef377c5b03b7638d95472749b34c5f9c
03a1969e6ade49ca3a73dfdf233bd08062b98537
0dcf25022ddd87127254abd506547dc3596d244e2911e62d5a0d14e9157bcda6

HTTP Headers

GET /gtag/js?id=UA-22484186-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 04 Oct 2022 06:51:32 GMT
expires: Tue, 04 Oct 2022 06:51:32 GMT
cache-control: private, max-age=900
last-modified: Tue, 04 Oct 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42388
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5ba23234dfb31276cc3bf9a347508595
a225d0a9ecf5d7f0032816c6f3d4a5ae1f3b27a3
33558bed4856ac3f2a7267965521b316ccd3ccc669877994c6c590e2d2a1b559

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.prayroll.sa.com/jquery-1.11.0.min.js

172.67.145.167

200 OK

33 kB

URL HTTP/1.1
www.prayroll.sa.com/jquery-1.11.0.min.js
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32341)
Size
33 kB (33436 bytes)
Hash
95fe3f4dd117c33f6015e1c3d6df1d0d
d5b8856932d1ea63f51824de0bb50670d2e960bc
e6945ac3f1927f242a9fd7a5cf67720f7763888127a7427eb24ffc52019d4b16

HTTP Headers

GET /jquery-1.11.0.min.js HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:03:39 GMT
ETag: W/"62e8238b-1787d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=er1OR79OsEA6dAO90esVL%2Fxkf78k3Sh2R%2FuN56WL1nVAj%2FsAcxdKBbk6TulGcphX88ZuyJdRdVb%2BBJ1b4WHB%2B8vfEtuXWTYiIirB8c7JZYr7a0lmodfz%2BM1tAj44RExUroEGYHjO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd54eb4f0b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

18.164.68.8

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
18.164.68.8:0
ASN
#0

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Tue, 04 Oct 2022 06:32:53 GMT
Expires: Tue, 04 Oct 2022 07:12:21 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 49e8093d0b1ec293275e8b264631ad18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: 83T9yCMtiGQNAqPsTo85QLgQyT86jHeWHcPrcmaiVs9CCfgFiEhxaA==
Age: 1119

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
231f898520c3df2cd213b93aed1eae4f
c0954ae1cb28a68a819d9f70a3e22731892bba96
b4560537dbbd03c22db84351b4f7543eca4448eba3f85c2054d7c7a0e4067fcf

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B4560537DBBD03C22DB84351B4F7543ECA4448EBA3F85C2054D7C7A0E4067FCF"
Last-Modified: Sun, 02 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21582
Expires: Tue, 04 Oct 2022 12:51:14 GMT
Date: Tue, 04 Oct 2022 06:51:32 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
231f898520c3df2cd213b93aed1eae4f
c0954ae1cb28a68a819d9f70a3e22731892bba96
b4560537dbbd03c22db84351b4f7543eca4448eba3f85c2054d7c7a0e4067fcf

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B4560537DBBD03C22DB84351B4F7543ECA4448EBA3F85C2054D7C7A0E4067FCF"
Last-Modified: Sun, 02 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21582
Expires: Tue, 04 Oct 2022 12:51:14 GMT
Date: Tue, 04 Oct 2022 06:51:32 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
321fa9a78e31dcb66601ac5890bfba73
c325580db79bde6fd00d2d0c7e3f675e4c0046bb
83029b324b4c36522ae47eef9614c124b0ad2994de412d7ea82f990ad8ae9d92

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3555
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:32 GMT
Last-Modified: Tue, 04 Oct 2022 05:52:17 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

172.67.145.167

200 OK

6.8 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (794), with CRLF line terminators
Size
6.8 kB (6766 bytes)
Hash
f66cf2114da8dbc150f09816f1032d0e
949d3bf3b9482d414d5af5338c83534778d8b56f
782ccfe21e7f697294f713e44e90a41ce8c44761f11f27fa800f2558d264e25c

HTTP Headers

GET /clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=egKm4688lZhfiQav9oIAH46ihmkBI20US22%2F8dWvrGXiqKhX6tX7yi%2FZZ3gj9bJNjBkcI4Xptj03HIog%2B5Cs25GzxhQ9C4lgyt4FncTrNUBlCogvpdcC6EOTocRkKUAhmxupiBgu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 754bfd591f050b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/fontello.css

172.67.145.167

200 OK

362 B

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/fontello.css
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
362 B (362 bytes)
Hash
fa15172488a6d5c1b4071c496f2a1cea
6651c83e1ac3023e652d950af44a98d45e3e8b1d
95f7ddd9b2e97857d6b283da41709a8ec905c2901b7f01a1059b9bb4ee2f31c8

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/fontello.css HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-3ff"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IoVqwTTd%2BFRPHvdY1bXA64FMgftllZmlydqOjTywx7dynDMtSym8neiSlhAwAA%2FSTLJOhUrMKvuA8H%2BdulHQBUXnTopkXeyP6M%2Brwa48HpgIE7ywwniYTnj78sw%2BQxlCQqBuxgjg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59cd3b1bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/css_003.css

172.67.145.167

200 OK

571 B

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/css_003.css
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
571 B (571 bytes)
Hash
7e39e166104fc03ebc556c52b4a1dbd1
1fb21c5d048e2f4796462220b772088608ae728e
b8b3a9db82c45b6fe8c909b367e5add84657b8c3ab63fdc8c965094ee548d33b

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/css_003.css HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-1938"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YrO4T1lA1NutlnI3pOZTDryTfsdjW8hhMgIo3Nly5a5SrgdOwptE0SjAp3pxMwZTyjjp57QWV9qcBKChrqF8sYbrIp7WnBsedaoYOBQJMWzP8lBWkJPtdWGNWs9%2FeSlRRC8BnP1u"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59cba0b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/css_002.css

172.67.145.167

200 OK

777 B

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/css_002.css
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
777 B (777 bytes)
Hash
c5072e32da3737607634298a7b205cf0
4b8d40a83ac2ab6499788050ceaf33ffb195185c
a55a4206866eb7dd312de9b4c1a6c6ee737d967c5bc13dceb7793bf28f20ec5f

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/css_002.css HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-352a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d1O8%2BjLb11QQ%2Fed6HhZNmk2lK7vaPwP8EVVhcJr1nW95fmLq5A7GCmN4vSMc3PXIkzT8h9hC%2FAQ0XI1HyTN9bxzgC%2BlBbQmP%2FBxCWsAutMiSBQdElytOkkfc0%2BIU7ieUo6XJS2XB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59c810b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/css.css

172.67.145.167

200 OK

1.1 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/css.css
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
1.1 kB (1123 bytes)
Hash
a116a37be9b0480bef6fdd76cfec6448
a147112fae99b8420fdf2549dd7a7d97ecca8975
04693ca007679e84b975e32e03bb5a7cdc35a2c3d7f023f1ec9f7bec0dbe75ef

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/css.css HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-62d3"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UVy6h9bQBh3iXlf1CweH2CXNAScGySXZK0%2FtJVMKXgp%2FNwW8vOCUs0SIzi2MYWEdLVpXESRbGj%2BNsaXt4Uc57ZjH31E0zcF33wa1nvFK9VfY3OyDkOa6eNdcVDJmCR5kA5%2F5LQe1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59ca6d0b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/style.css

172.67.145.167

200 OK

3.9 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/style.css
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
assembler source, ASCII text, with CRLF line terminators
Size
3.9 kB (3942 bytes)
Hash
62b2d2be03b14deef0cdf9773cdb6f45
28ded02254cd4d8a2aa8230d7ecae82a0e084cf4
27079488d20ff7b332208f04732a188aba343bb632cf5428cee9b691d7eb6d8f

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/style.css HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-4c0f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ooLySzr3KOICoi8LYBlsNIMHZPN6h37FzB7b3P3MVGmUux46aVxaK7Iv6UzBtPFsg9Pp%2Ff4SQaWUDtw6tuk2HFvfz%2FOiV3lwC%2BA%2FLQ5ZLnVdN71I35IQk5prY4lkkNUie1odfLqn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59dcd20afe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

push.services.mozilla.com/

52.43.46.140

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.43.46.140:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: S+nj1HC3szb/yUpXEFxZTA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9bDX8b2DexArwO802HW5QyAEwqA=

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/bootstrap.css

172.67.145.167

200 OK

20 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/bootstrap.css
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65371)
Size
20 kB (19577 bytes)
Hash
ec33cc046e01c53aec64024058d8de78
d7df0f7a5a950ec42f3f950d5a4eb5dfa0993aa0
73fdef7c62fb183ccf51e35598666c094b3a3b92de0160fb946a708fb1c0f1b9

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/bootstrap.css HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-1d970"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d1uGBL3DYx30sXQ6sPWF9peWRyD2egX%2FU8ywCzzHKrQeujYOgmPlW6bIVF782kj3HiVibmuTYD5L7GSVfrOD0CLPJudUI%2BM4zIoOtcjeYwXUMSRfCpDHrNf3bcaEv4vHNkjlmTTT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59bf980b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/main.js

172.67.145.167

200 OK

762 B

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/main.js
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
C source, ASCII text
Size
762 B (762 bytes)
Hash
26566d64b797ad741a932e00c23e3edd
4ebdbc0c6f77a5697e9494b8fe3a650b6bc64719
40421508ddb2aeb8d1551597153e38ad08caa916518e3b3417741fa0b668ecb2

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/main.js HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-981"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TUbEsmtFLLEZ%2F%2FXG%2Fp7%2FJJmOie49KV%2BaMxbEcBA%2Bi8933IOi3Op4s5NZ%2FcsXjpLhm02nSFfIShbpl0sCNbR2y4AHGRf8F4TDoCgcWmhyrzGb30NBAWGejtvGNP5Ryf9nRWKO%2B%2BIh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5af952b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/jquery.js

172.67.145.167

200 OK

678 B

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/jquery.js
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
678 B (678 bytes)
Hash
98ac02ce748fd8b53d3e80cbfe705601
6625c6a4baddbbc4498f83ac01f9afdcd200c737
3a28afa43216be8d653146694eca8369f219a724d092edb8bf8c9ae703a174c0

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/jquery.js HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-5da"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m2WX8ePR%2FSLjfw9hBREczQ9mGUZWDvioSbD%2Fmev0ctMUuTufK3%2F%2BcBL9xhA3OZut93KkKoB2WyJOw3OgxEH%2Fbl0mw7sUQvRoIKjI102ejM4TcvUYrPVayA%2BUTaofolxAm2lW5LJU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5b0c250b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/bootstrap.js

172.67.145.167

200 OK

9.8 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/bootstrap.js
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32033)
Size
9.8 kB (9833 bytes)
Hash
5001f34e4d6720378751012dedda52d6
d582a3fa4a2772626a934ade1489dc5e5f97a845
3cbb8f3723828476519f646eed5cd50a490f1cb1a03b9c2e92ad2a749c1dbf5a

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/bootstrap.js HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-90b5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=54XtU9xrDIKsYOQm6IUI%2B8glVtltq5wEK12WSk2fTjtOCrOsf3zojZK0gjQuBe3M%2B3NL7Q8r%2FeJeQK9zSyY4IhCdCcBQSQzNyw6YcSfzbH6BXLottyeHEdiYpOVXt6IjyFWsC2vN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5accd3b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.195

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15736, version 1.0\012- data
Size
16 kB (15736 bytes)
Hash
479970ffb74f2117317f9d24d9e317fe
81c796737cbe44d4a719777f0aff14b73a3efb1e
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

HTTP Headers

GET /s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15736
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 13:35:36 GMT
expires: Sun, 01 Oct 2023 13:35:36 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
content-type: font/woff2
age: 234957
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/logo.png

172.67.145.167

200 OK

3.6 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/logo.png
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 198 x 44, 8-bit colormap, non-interlaced\012- data
Size
3.6 kB (3573 bytes)
Hash
4e82c9ce56997d98107cad1636373b7b
0f54b8a9398d4c61d77be77fe6d507c305849abf
b4ee829d80f8ab9bf4862b2c85178b22e770ddf6601af0fbcf057bea8fa42821

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/logo.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 3573
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-df5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qLYr%2BkDP4sBQpspSASzo2nMlsUu8RmGK4hgZbqkxe4%2FAWHa12vhcsnP06r%2Be%2Bjol%2B%2FnDErN%2F%2FVHNVXSyr7cR90buEbZjbYekO0nMQMBpoAUqngaXxDRk2OGAnV4Ck%2B%2FjZLvWbZir"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5b68f50b31-OSL
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/close.svg

172.67.145.167

200 OK

481 B

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/close.svg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
481 B (481 bytes)
Hash
263717a7c89bd0ec940573fed33e7a89
7e4f19944dafd279f77ce709bc529ce40a0c28b0
664cb275632ea66b8abf5ed6d16a8099b4f317074f32b63b7754d05bd90d4d28

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/close.svg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-364"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BISvYLQaiGvOzFk8otyF9FVdj1pjyM9VC7MHptzTRFBfiHJlE8Pd7MqiaO%2FLHNDdwSrYc%2BX2f2n3lokFHCFjRvbROyhmGoPtuEvaVdcZP7Y%2BuzTQdGpu%2BCujvW0iELJVuNem1X8%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5b6e460afe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

fonts.gstatic.com/s/worksans/v5/QGYpz_wNahGAdqQ43Rh3o4T8mNhN.woff2

216.58.207.195

200 OK

24 kB

URL HTTP/2
fonts.gstatic.com/s/worksans/v5/QGYpz_wNahGAdqQ43Rh3o4T8mNhN.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 24032, version 1.0\012- data
Size
24 kB (24032 bytes)
Hash
dd4fdc27521a8dbf8c5fb5d3cc1e759d
8100052d2765ac23cd3c8c7b267810e789f6b72c
01d902cdabc6ff88c288546422496ce3267cb0de2623156bb2b200e41d6df709

HTTP Headers

GET /s/worksans/v5/QGYpz_wNahGAdqQ43Rh3o4T8mNhN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24032
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 12:47:07 GMT
expires: Sun, 01 Oct 2023 12:47:07 GMT
cache-control: public, max-age=31536000
age: 237866
last-modified: Mon, 22 Jul 2019 19:18:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2

216.58.207.195

200 OK

9.8 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 9760, version 1.0\012- data
Size
9.8 kB (9760 bytes)
Hash
9d484aa99b936dfe89b6b12df530d138
41298a7f6caa8e6a22919cd7bc23faa990734f37
b12b566a4b982d1d9ebdd2f94dbffc73ff39c9f6df112b8752191418538d01e6

HTTP Headers

GET /s/roboto/v20/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9760
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 17:41:50 GMT
expires: Wed, 27 Sep 2023 17:41:50 GMT
cache-control: public, max-age=31536000
age: 565783
last-modified: Wed, 24 Jul 2019 01:18:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/worksans/v5/QGYpz_wNahGAdqQ43Rh3j4P8mNhN.woff2

216.58.207.195

200 OK

24 kB

URL HTTP/2
fonts.gstatic.com/s/worksans/v5/QGYpz_wNahGAdqQ43Rh3j4P8mNhN.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 24416, version 1.0\012- data
Size
24 kB (24416 bytes)
Hash
de83f55b9291ee1bd05c8ebfb451e088
6cf8149b31a4b1e97ca7134a87c56d23531a8650
5fa4c180ac3f29bd3eb23a142aaf20ca6202f9dff37308be5c57231fb80a3417

HTTP Headers

GET /s/worksans/v5/QGYpz_wNahGAdqQ43Rh3j4P8mNhN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24416
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Sep 2022 07:56:54 GMT
expires: Fri, 29 Sep 2023 07:56:54 GMT
cache-control: public, max-age=31536000
age: 428079
last-modified: Mon, 22 Jul 2019 19:19:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/worksans/v5/QGYsz_wNahGAdqQ43Rh_fKDp.woff2

216.58.207.195

200 OK

22 kB

URL HTTP/2
fonts.gstatic.com/s/worksans/v5/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 22488, version 1.0\012- data
Size
22 kB (22488 bytes)
Hash
238c66f0f32567f8b025fa462b139235
a27f5e36161c6194a6f8a135e9e0056028bf3128
29a23ea4b518625595ed555e8edc2e32119a305df5bfecacc1ac38df8a384f9e

HTTP Headers

GET /s/worksans/v5/QGYsz_wNahGAdqQ43Rh_fKDp.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22488
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 19:02:21 GMT
expires: Mon, 02 Oct 2023 19:02:21 GMT
cache-control: public, max-age=31536000
age: 128952
last-modified: Mon, 22 Jul 2019 19:23:43 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/jquery_002.js

172.67.145.167

200 OK

30 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/jquery_002.js
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32058)
Size
30 kB (30177 bytes)
Hash
165a43244de5b28bfdb9422e0ad82b68
dd12888e259036e6c6986a0c65a3b3e38b697f54
200e3fccd025dffd3f7c6ad186f87ea51737db6c85e279b0d8b9626ad7ce1954

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/jquery_002.js HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-15283"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gBXnm5%2BuCxfyuw%2FvxBmskhOFF%2FdWseCDeOtG0stnN8oWoeCSkwQtdQz%2Boudg4QUuig6MfZJB0c4sH1tYUz98sJuPoH0qxWzQMUZC0bDXu8%2Bp4HTWQ4mj6wcZpuG%2F%2Bwt5HM8CiSga"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5acdb41bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

fonts.gstatic.com/s/raleway/v14/1Ptrg8zYS_SKggPNwJYtWqZPAA.woff2

216.58.207.195

200 OK

21 kB

URL HTTP/2
fonts.gstatic.com/s/raleway/v14/1Ptrg8zYS_SKggPNwJYtWqZPAA.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 20864, version 1.0\012- data
Size
21 kB (20864 bytes)
Hash
77d77f36bed0a452984832f6b5f22e3f
787b42ec8f4a44925270d81a9fdeda0ba69ba707
0a654aef5d8378e00c1a8a8e6876a8e4246b41cf46a3cabf1bf495617ca4086e

HTTP Headers

GET /s/raleway/v14/1Ptrg8zYS_SKggPNwJYtWqZPAA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20864
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 18:46:18 GMT
expires: Mon, 02 Oct 2023 18:46:18 GMT
cache-control: public, max-age=31536000
age: 129915
last-modified: Tue, 23 Jul 2019 03:47:36 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.195

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15816, version 1.0\012- data
Size
16 kB (15816 bytes)
Hash
2735a3a69b509faf3577afd25bdf552e
8621aff863b67040010ccc183da5b9079ce6fd1d
b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae

HTTP Headers

GET /s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Oct 2022 06:03:10 GMT
expires: Wed, 04 Oct 2023 06:03:10 GMT
cache-control: public, max-age=31536000
age: 2903
last-modified: Wed, 24 Jul 2019 01:19:00 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.prayroll.sa.com/clicks/chapter2/fonts/fontello.woff2?45898082

172.67.145.167

404 Not Found

153 B

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/fonts/fontello.woff2?45898082
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
153 B (153 bytes)
Hash
706a98254456810d3e849c3957af9d01
e461d072a6ba8f0082d6f187eba7f053343529c6
8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229

HTTP Headers

GET /clicks/chapter2/fonts/fontello.woff2?45898082 HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/fontello.css

HTTP/1.1 404 Not Found
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9hUjeoVk8twFPQqzBNwjGzFsZTuyiVXOEqFTwxAjb5VFPgTZ9FORKJ6u9Q71pUEUeXZdmdy%2FY1%2B%2B%2FSBmzeOim5CDgGisVoRP7xAGdsieBePQUqn%2FDzp0GYI7L6bvGVB8qgATyg0v"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5bfa2ab505-OSL
alt-svc: h2=":443"; ma=60

fonts.gstatic.com/s/raleway/v14/1Ptrg8zYS_SKggPNwN4rWqZPAA.woff2

216.58.207.195

200 OK

21 kB

URL HTTP/2
fonts.gstatic.com/s/raleway/v14/1Ptrg8zYS_SKggPNwN4rWqZPAA.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 21164, version 1.0\012- data
Size
21 kB (21164 bytes)
Hash
6a9b9c422e662a18013ee064fd789213
dbd7535cca2552efef08a77d11956652cc09bcd8
ccffda12d4002d59565466849044e53ff6734de84baa233f12a725662d8f8681

HTTP Headers

GET /s/raleway/v14/1Ptrg8zYS_SKggPNwN4rWqZPAA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21164
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 07:06:34 GMT
expires: Wed, 27 Sep 2023 07:06:34 GMT
cache-control: public, max-age=31536000
age: 603899
last-modified: Tue, 23 Jul 2019 03:47:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/worksans/v5/QGYpz_wNahGAdqQ43Rh3x4X8mNhN.woff2

216.58.207.195

200 OK

24 kB

URL HTTP/2
fonts.gstatic.com/s/worksans/v5/QGYpz_wNahGAdqQ43Rh3x4X8mNhN.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 24452, version 1.0\012- data
Size
24 kB (24452 bytes)
Hash
539ed1a07cb8b137b6825efd1789c2f3
6a46045cbc0a5af52f68d8a65a40df4f5cc6ed6e
681a963b7e247c1376a6af7a6e439256600ac932521623f600faa57a59b4fcb7

HTTP Headers

GET /s/worksans/v5/QGYpz_wNahGAdqQ43Rh3x4X8mNhN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24452
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 14:36:28 GMT
expires: Sun, 01 Oct 2023 14:36:28 GMT
cache-control: public, max-age=31536000
age: 231305
last-modified: Mon, 22 Jul 2019 19:23:43 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/right-img.jpg

172.67.145.167

200 OK

59 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/right-img.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 340x370, components 3\012- data
Size
59 kB (59003 bytes)
Hash
d99732520f9cf9d8dceb5eba427bbf7a
bccfd18f099134710852ed7056ab6bac8c8660b2
54be66fc2122141ca45cacc380a1df9ff82b8ae7e317ab630471285f9d07be00

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/right-img.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 59003
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-e67b"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1751
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=82I9xWSP7IL4%2FZkwjK9AiP%2Fr%2Fd%2FO7zp278OLFTEUI2OQxNH3FLVwymZT1WbVxSJqmM5F4BU5H%2BuuCDeAeJnFqvU9FpxVmprTNTdtCfNHervVPyNbkF8sabu9R26ofJ3n9Mpdox79"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c89e60b31-OSL
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_9.jpg

172.67.145.167

200 OK

98 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_9.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x700, components 3\012- data
Size
98 kB (98394 bytes)
Hash
ffdc5a8e61e0454b2df629887d88af72
cc88f0e1d83d1aca7cecf9912dfee09ab3e4b7f0
f52e14cc232b1844f833b1a324de1e84fcac0ca3e133a3f23e6793f7f1e914d6

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/content_img_9.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 98394
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-1805a"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1751
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QNvbm5isoZ7%2F7klEvSpeQY5UOOvKVSsvlMocd2Q4LPhVNoh2auJw%2FEwJSQXRY6cduZcKEKaoSsNMYi4jeLdHXZFPMrD28K%2BXVTh%2FkZppJwlak2gRbu9wgO4wwR74a%2Bq1b%2FceD76z"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c7aa4b505-OSL
alt-svc: h2=":443"; ma=60

fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.195

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15872, version 1.0\012- data
Size
16 kB (15872 bytes)
Hash
020c97dc8e0463259c2f9df929bb0c69
8f956a31154047d1b6527b63db2ecf0f3a463f24
24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf

HTTP Headers

GET /s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15872
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 03:08:56 GMT
expires: Sun, 01 Oct 2023 03:08:56 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 24 Jul 2019 01:18:37 GMT
content-type: font/woff2
age: 272557
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/img-3.png

172.67.145.167

200 OK

294 B

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/img-3.png
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 15 x 15, 8-bit colormap, non-interlaced\012- data
Size
294 B (294 bytes)
Hash
1a1eb2244ef7c179f282719259a6f8ca
16f005c160ae1a4f2ad99ca179ce8ba0c1cc38e1
20afb9c7f93cfda5f7c9dd7005fc694e0bb6b58dcae0c833cbcd18620095bb4c

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/img-3.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 294
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-126"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MwHCkZPukZKTjz3KxpG5N1g8RlTIJptUJxuut2TUGs%2BnIUVpCWD5muanMZtfYtrgrJqONvlLcpX%2B7xjeTWZK8IPNp7vdXsyCCrexmiV9rG4HOcUOHX0PChkXq10GpFWz88mv%2F4bh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5bfcfd0b59-OSL
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/arrow.png

172.67.145.167

200 OK

289 B

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/arrow.png
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 18 x 19, 4-bit colormap, non-interlaced\012- data
Size
289 B (289 bytes)
Hash
9284cc2371801ec8236759db3a6f6d44
f7d47b2de3093dd20e669829da19f513dcdea11b
56b0b32028571b13ce7ef422145c550fefbb43b2266cc9f70d4b7f5dd968205f

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/arrow.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 289
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-121"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tgSfagWufaFPWRcfAqX8Aq0zRNKaMcbqhYFjKEzMcQcXstHJzGXYxpv%2BdYmI5OxYy7lJ7p251Bcgp%2BUu%2F6W3MYbZ7FZ65j6qjjDIGdPygjZGZWL5VPq4TteF40w5JptE96DhUgSB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c5f130afe-OSL
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/valid.png

172.67.145.167

200 OK

838 B

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/valid.png
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 160 x 40, 8-bit colormap, non-interlaced\012- data
Size
838 B (838 bytes)
Hash
18277457e4fdfcbc286f601b55a9c40d
44c437799c25c353f0101798580706ca25bd1b94
36dbf76119f6343e090429aec3d924f082b3c1dd9f936e8205bfa64d6222510f

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/valid.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 838
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-346"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zKBdZJRl6%2FZqcGCHbnKdrtF71qNCAvcm00sMUtqlR2e%2FIqFZtUrNeIR%2FaYP5c3Hea10NduCsjWlZA%2Fzq%2FY09nFm1%2BE7X89m%2BVathN568R%2BaLwcfn7YVI6J7FuOIB7A9YlWo%2BmVfj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5ca9fd0b31-OSL
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/fonts/fontello.woff?45898082

172.67.145.167

404 Not Found

153 B

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/fonts/fontello.woff?45898082
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
153 B (153 bytes)
Hash
706a98254456810d3e849c3957af9d01
e461d072a6ba8f0082d6f187eba7f053343529c6
8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229

HTTP Headers

GET /clicks/chapter2/fonts/fontello.woff?45898082 HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/fontello.css

HTTP/1.1 404 Not Found
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yjtir0uGqBE4%2F84kvA90%2BniOpPoOInHqrUEJ9GUdJRDzAVaSuQ4SONFoLAQYW%2BjFSEm7VBSXIMOKH47W1BrJcQLSRGFLeH0kMLiFQgh%2BsiLud0i2t4IA7EwnT5mj%2Fc8I3teDbWss"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5d0de70b59-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d8c13822611aafc78b6c87ab4ff7b79
6b222b487151f5437c83b4c67fd66f417be09546
4d4ff9bffe6f4e26ed337b0a621dffa9e8e3e767a9a399904e429e3400cb96d6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D4FF9BFFE6F4E26ED337B0A621DFFA9E8E3E767A9A399904E429E3400CB96D6"
Last-Modified: Sun, 02 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21518
Expires: Tue, 04 Oct 2022 12:50:11 GMT
Date: Tue, 04 Oct 2022 06:51:33 GMT
Connection: keep-alive

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_8.jpg

172.67.145.167

200 OK

62 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_8.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Size
62 kB (61753 bytes)
Hash
6edf8643b514603690c06de8ea3e4129
91512b3ccd19830c07e45daee88a457570271229
ae6dc96b4556a07b5074c30d69e4b12a2e10716043ee6614d634fe4cd9a224a4

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/content_img_8.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 61753
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-f139"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fm1n6ICcrVis27qtyn%2BpAR8824YoUmVUNQRHM32U%2FAvi8Ps71iXbb1%2Fas6VD9rXzbHH9od28fUhwEvifTiIvlP6EpEjgZ%2BKV%2Be99lh0%2Byx7S%2FU4cKT0II3gs3AD6cB5oV0sClBCJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c6f0a1bfa-OSL
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/top_img.png

172.67.145.167

200 OK

180 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/top_img.png
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 624 x 605, 8-bit colormap, non-interlaced\012- data
Size
180 kB (179725 bytes)
Hash
029dd9292628872efc08c2398578c6e8
465806088f465ab0a1901621cc25771aa6126f0e
37590258e5a3035b9cf3f38f1ef11090942c3895559753f622a2ed9707b395ab

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/top_img.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 179725
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-2be0d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2dPdxB5%2FcdNbOgHmwIHx8%2FmEqofx3tieo%2FecUR76xjqAdY5P7jICpyjws04drXRjNCBG%2B43s0GJeT18xpeUnlL%2BUEmZiYREeNXymjD8wXufZ0q37Q%2BLYZ1E67yIiQbQR60Q%2F4WCz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c5ec4b50f-OSL
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_1.jpg

172.67.145.167

200 OK

91 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_1.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Size
91 kB (90632 bytes)
Hash
a905e5411833c4631ecfda393a509db3
17dd38c12a54efffb10cdb2b1c6480ae01002ed7
9a22d24847681f53aa3ea530cd1c855190cd5f687b0f2a5e4cf98237dbb0d2e4

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/content_img_1.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 90632
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-16208"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bN5Hg4J8fKivCcKdyOBd8KYlEUaSRGwOWDXOjam2%2FfhXezDzAALbqFwnemOevnFqGfoAcfdZasp46pD9i8Ch7X2OEdIMQEP%2B%2BjyzAgZTG7B7leKMBmBKPmw7VlcT1mRwSfSUW7Yg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5caabeb505-OSL
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_5.jpg

172.67.145.167

200 OK

92 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_5.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Size
92 kB (92034 bytes)
Hash
3e7500b87b9bcf16a1b82d302be69ff7
10b61015be6f5ac86c28f468e0fbda9dfa497821
acfa44424d2d360c7f163559f8ab7e43c87ef50402a375f7f12815c9e097fe5f

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/content_img_5.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 92034
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-16782"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1751
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AxwSCWPjyecufpDC4gZfqAJiAy6HZudYgY4kY%2FFtjJKJcRSedgtieEm4Pi2IWLzfQ%2BjeJkYuWRiuxtJXCaM8PqsOsEfF%2B70ypD8JJFgxSe5dyulPZVyT1KW1p237I5cj6IDATHtI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5df8dcb50f-OSL
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/fonts/fontello.ttf?45898082

172.67.145.167

404 Not Found

116 B

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/fonts/fontello.ttf?45898082
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
116 B (116 bytes)
Hash
d6e62b966693d7822072903ae8310d00
2de307cf4db56a090d7633f2da9ce6d224f6ffb7
36bd7d3c61ddaa2cfd74438dfcc2552f527a5299abc17957073a05d4b1d5cecf

HTTP Headers

GET /clicks/chapter2/fonts/fontello.ttf?45898082 HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/fontello.css

HTTP/1.1 404 Not Found
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j0o9mZGrP4VaW1Zp%2FsOF5DdVN3O4KwBIO2X5oUS4eG9a1I1pEeMFbViwcqkb%2Flo4njahSAr5WAwxoe9bdIGfn0XEivDqmp7QkH6%2BXfFhFIgROh%2BpGdi0NrUatprYLdTXjvMLobeT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5dc8031bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

hypertechx.com/ps//templates/Pixel.iframe.php?net=2979&aff={AFFID}&sid={SUBID}&cid={CLICKID}&type_detect=retargeting&prod=rosealcutebear

207.154.203.102

200 OK

92 B

URL HTTP/1.1
hypertechx.com/ps//templates/Pixel.iframe.php?net=2979&aff={AFFID}&sid={SUBID}&cid={CLICKID}&type_detect=retargeting&prod=rosealcutebear
IP
207.154.203.102:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
92 B (92 bytes)
Hash
1d70ef45582c344c6ce7a88da3042424
6af8dfb071d50ccc65aa7d12c184a0cad218b913
04b3828c54adec784e53b1ef995cec191c197a820e73ebb98718f3c418a067a4

HTTP Headers

POST /ps//templates/Pixel.iframe.php?net=2979&aff={AFFID}&sid={SUBID}&cid={CLICKID}&type_detect=retargeting&prod=rosealcutebear HTTP/1.1
Host: hypertechx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 04 Oct 2022 06:51:32 GMT
Cache-Control: no-cache, no-store
Content-Encoding: gzip

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_2.jpg

172.67.145.167

200 OK

52 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_2.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Size
52 kB (52404 bytes)
Hash
6124e5518e11d807eb80e1cd077262ba
c83380a6f1a54286df12d4171611872d99493151
13613ef8211578ce3d308c300cee8fc35ef9db5e4bb75e38e9bcf092c9e74566

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/content_img_2.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 52404
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-ccb4"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vIjRWjzdrNnm6v6f5W8pLj2gqoTx7A9XG3o8nbEDxYCZcxMvkOgIXFVujWlc11dSAs8duNGB9POpF3qkGSsGDsbsJrHSkG%2BDMkCX9eXM96HvRzoGvGB%2FQ98cvPUhmRnWyoO6vjjh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5d580c0afe-OSL
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_4.jpg

172.67.145.167

200 OK

65 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_4.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Size
65 kB (65444 bytes)
Hash
a3358ba5fd7ece7926640d6b9ead7f6c
d2c88ac2ab3a0a95efef69114d98d5fd580759e0
21e0da1da05c6fe3e6b5d9821de45ce576c6cedd846c53e2bb562d93df59c63f

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/content_img_4.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 65444
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-ffa4"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TTGIhWzHx4EVZX0UvO5%2BslKDn6YEa6B4yPVhyzcPQs2k73%2BgdEuAID9rn37R8UkePEytBZjFlrYnG2rdZmp%2BdV0zdmgGI2G8sQ4wmT4BOVT50z9LF3DvTX9Y06ezo5Lf42gR%2Bcup"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5d9e720b59-OSL
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/banner_img.png

172.67.145.167

200 OK

19 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/banner_img.png
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 187 x 155, 8-bit colormap, non-interlaced\012- data
Size
19 kB (19033 bytes)
Hash
0e296e0df65e7a07403eb0ebaa802118
93a34fe18c0f99579ba7429759dd5463456888fa
9e8a5ba4d77c92a6249b1c868112a6e1fcf1a0090bdb27a4202cf74ad80d13fd

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/banner_img.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 19033
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-4a59"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9CSCCWzKWx%2F%2Fx%2BdVJm24lB7GhsdGeNAWTtOzoHFirYUtoOur6zknaKBFomDUBIjDvcTpq33JmbV8S010QaVJCPidl5RrNZnPaAMHOEUOh4gvV2j8vnAG9hsg3Jq6WgkxCcS8%2Fbqh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5e08eab50f-OSL
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_6.jpg

172.67.145.167

200 OK

65 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_6.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Size
65 kB (64600 bytes)
Hash
2b1fdc001fde3c8aee2dc4f38d7cba28
76c57160bcf5d64b49018d5510915d903b67b34c
f172bbc39569b63d61d5ba7589f4272c64aa93cade0a9fab5958b99e19bcdfff

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/content_img_6.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 64600
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-fc58"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rCP36aycBjmg9D6Nbsz4VNt5FVssnP20xjgp1SBKnHL1yBDJGnVrvQ4JWdbZI5PKqs9Twjs0yjWBbVTq%2Bo%2B0k3O4X56eA%2Bk0RsSxHZKxRAxxm9auWvnRibwB3j6XgfKXmHBZ3eRu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5dfc22b505-OSL
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_3.jpg

172.67.145.167

200 OK

116 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_3.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Size
116 kB (115955 bytes)
Hash
7634003e6c65ae0ba860389e31fa3f98
40debaf86813ea40f673c26147f61d81306a2df9
625882531849b98ac0cadcaf37a842dbd9badb8e66a2fb6b3aa0ef3ab7fa8fdf

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/content_img_3.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 115955
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-1c4f3"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sngWL%2BfkiBmTaGlyyF9wnDZTHhmZXfvS4XZCEErZWEg4PGVpXUwVUUlonP%2FhHeoiwb%2BVvZwBmsqqn8RgbxpG2i%2FdoHaTQFGURBm4afZ2hxrnG767QGwU9GzkFHvk0X26%2Fs2x%2FuY2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5d9ac70b31-OSL
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/banner_img_m.png

172.67.145.167

200 OK

22 kB

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/banner_img_m.png
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 144 x 219, 8-bit colormap, non-interlaced\012- data
Size
22 kB (22215 bytes)
Hash
d6ea637fe3810bf2a1a5a8c64db79fb8
2e84b9125dd14c39fef5229501b726e5999f5956
593728b2750109be90b9f485f6574b82a035f1aeb03da08b9349691d30aa0b65

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/banner_img_m.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 22215
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-56c7"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2t5Hpz3RlbG2YrZHNYd8jxCb%2B9iQZt6dfKaN000GW%2B2HDTa%2FhBMf51yqTXcX8UBbCi69O%2BnRIOo7MYo51vm1d5fu38b7p%2Fd9%2FWg6YSj0%2BbELUVFE7ynU2vwhszphnxgAh41KdaBK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5e184c1bfa-OSL
alt-svc: h2=":443"; ma=60

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/cart_img.png

172.67.145.167

200 OK

245 B

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/cart_img.png
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 17 x 13, 4-bit colormap, non-interlaced\012- data
Size
245 B (245 bytes)
Hash
a9c8f42db429e81d832e982ed6c6d2b8
86b6c9af64b78bedde25d140a18f29b747ec952b
f5318d67f0717460be562b2579117009d1eb3f6df57523536ca350141f57ff02

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/cart_img.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 245
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-f5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4OcSOo70Bzo4tHOsO0tPvEPXzwyI1sQuFNnOewyLvpqAhQjV2sDQNHrIe%2FSlHFldCj0UDJ9cHsiFTrg%2FYmL8yvE1A7ZqBeTNYz5hEGkLhlcuWhTzGxhx8gZv9LdniS9Y6qE%2FnmUa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5ed93e0afe-OSL
alt-svc: h2=":443"; ma=60

hypertechx.com/ps/rosealcutebear/img/favicon.png

207.154.203.102

200 OK

3.1 kB

URL HTTP/1.1
hypertechx.com/ps/rosealcutebear/img/favicon.png
IP
207.154.203.102:0
ASN
#14061 DIGITALOCEAN-ASN

File type
PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Size
3.1 kB (3138 bytes)
Hash
8d9a6188a5d8039cb6673e702843089a
9ea84cc7a749d1f3ecac6d5b9df01b5107839d4e
a42a4f95df0de366dade605621b9e3b8b9aea841d4cfa0cd9d9509701e569dcb

HTTP Headers

GET /ps/rosealcutebear/img/favicon.png HTTP/1.1
Host: hypertechx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 3138
Last-Modified: Mon, 27 Jan 2020 12:49:49 GMT
Connection: keep-alive
ETag: "5e2edc6d-c42"
Expires: Thu, 03 Nov 2022 06:51:33 GMT
Pragma: public
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6199
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 06:51:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6199
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 06:51:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6199
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 06:51:34 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6199
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 06:51:34 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg

34.120.237.76

200 OK

6.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.3 kB (6315 bytes)
Hash
206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 04:42:53 GMT
age: 7721
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9917 bytes)
Hash
d8c08f8066cc732de8befd6ccd629a95
22aab05208a01ae5def4d63dc145085630f57bcb
f8a560a0563518d992d0bd2655d2b5c406435a18e874ca00b51374d2ff901770

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p5nOqBojKO6S-c_DxIu8B3p-NK0pzRHkz0DOPeyv7PQt9h0x1jdtoQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:54 GMT
age: 32140
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8534 bytes)
Hash
f2287c489794dab0e9ba923a2057988f
2b9f6828a38da81b40dcad033572e48b4c5896db
e853fa2acf2425d14cb9746e8bbd45c8765598d2bb630859086b4668182dbf6c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8534
x-amzn-requestid: 8ae51cd3-697b-47ed-8493-8f83e2bc7469
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHuHlXoAMFucg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-165d72034440cf810d42f3bd;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LPt8LUVoKhXjfz-jZHLmnWD15tQgSLRaxl-Bsl0UU83G7wm3jj7_mg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:37:24 GMT
age: 29650
etag: "2b9f6828a38da81b40dcad033572e48b4c5896db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4fcdf5f2-fb82-429f-a6f0-8f79d8aa9106.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9455 bytes)
Hash
50556325e5a38a5dd7802b1391815bcb
cf021352d993967e78552b275424ff139e4ef66c
96fd2e848a45d071e334a8d08c8b89215f80f01f947af6da2efaee72dd16914c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4fcdf5f2-fb82-429f-a6f0-8f79d8aa9106.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9455
x-amzn-requestid: c7e1aa21-0afd-4329-a886-ca52e1a30c7e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqJXHLUIAMFU1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5708-1905710834041431314b11be;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:41:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: D-2NszpZ31D2YAbZRcPdqN3zZ2ScANt6bokfSbANgnsXBoTF2d__AQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:08:09 GMT
age: 31405
etag: "cf021352d993967e78552b275424ff139e4ef66c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11955 bytes)
Hash
54b3ef7aa50273b78b59c24511b0c1f9
e2ea2ef6805e391c497e62e101e76a0bdecfce64
296e8954022d5160137b3e02ab5085a15cee7c23cd6d4ca61b36880706062457

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11955
x-amzn-requestid: ce6bbe93-95b0-4b6e-a8bc-012796485e67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zcqb9FUtoAMF0WQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b577f-59dc0a18523f900a059aa5df;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:43:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: tJwzKfs7HnQ7dVcINwnlzxTChXiEi4JPj8jrS8p5KhurRx_o3ZVOZQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
etag: "e2ea2ef6805e391c497e62e101e76a0bdecfce64"
content-type: image/jpeg
age: 31235
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92f8209d-8dc3-45f5-bfb8-151edb23e30c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.0 kB (4996 bytes)
Hash
126f1f4538e5e4228a4f36d3b02e9d62
16f2fe758de4ebf7d654cb9669c73f030eb1fdef
594210beaabbc35a37d5d648836277f950e46b2d4c2eab2abde2d33beafdff37

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92f8209d-8dc3-45f5-bfb8-151edb23e30c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4996
x-amzn-requestid: 2f13b6ea-4426-4b3f-81be-5d8ca0278ce7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcrokFkroAMF0XA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5969-421b4993676a68df2b43ad65;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:51:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0s9K75q7TzjbFBJ3vviHLcItPRb6CP2URJRYs2k9JmppyWHKvzv5hg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
age: 31235
etag: "16f2fe758de4ebf7d654cb9669c73f030eb1fdef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.prayroll.sa.com/offer.php?id=184&sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

104.21.73.147

200 OK

0 B

URL HTTP/2
www.prayroll.sa.com/offer.php?id=184&sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
IP
104.21.73.147:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /offer.php?id=184&sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 04 Oct 2022 06:51:32 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.25
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7z2PmySfq1tg4winwFMMAA2O8VmmQ0KZ%2B%2B96eAP%2B84jqfj1c1nF9P%2BzJ%2FF7ymqedKDjXwjY1GSaSVlNhv4GJVgU0GwbaIqvL0Oyuv%2B25pLhd32yei8RyclDYXBZ1AFtmXFnGweOe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754bfd57f8e0b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_7.jpg

172.67.145.167

200 OK

0 B

URL HTTP/1.1
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_7.jpg
IP
172.67.145.167:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /clicks/chapter2/Rosealbear2_files/content_img_7.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe

HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 93953
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-16f01"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1751
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Xw4lUaqrkzmZMmidmxVPdj7NvtEWAWIjLII%2BACezyUOfv3yxRjIjJ6fLu3kIeVICvY%2F6MkCCSyaGqy2kmAw1ZF95L7J2d1tKmRSjxpqAA0ae%2B%2F34X1Z3x%2FIkDYnyQiio11qTMpn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c69bd0b31-OSL
alt-svc: h2=":443"; ma=60

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (77)

URL HTTP/1.1

IP

ASN

File type

Size