www.prayroll.sa.com/ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
172.67.145.167200 OK 546 B URL HTTP/1.1 www.prayroll.sa.com/ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
IP 172.67.145.167:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (318)
Hash 6743677a45dabb4c2b853b5302fb2ac9
925adfcb7fd5298aa2e590fc1f134a3b692b1cbb
842d8ce736c002713af89d78f498cf1b4b94de5688db9beea2656730ca10b565
Analyzer Verdict Alert fortinet Malware
GET /ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J23%2BbzVtGAWOVetGk3MMJ6KWs2OrTXh8prvLmdiKLuK4HYDI4YflU%2FLspStBQttlil4k5uELHTDwtbh4h2wVBF%2F6U6gHJEaL3YRkemRdF9CKS%2F%2FmsCXC2wvxQo%2Fbn8QOs0G63e7f"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 754bfd52e9d90b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
18.164.68.8200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.164.68.8:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 06:04:12 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 86897b9f074001e33ff5cbec58c4bc02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: 2-P7iLUCzJ8jrDS8wOTprfX-rs3ocwXYtGi2Ov9XTm9rITC8sgFdhg==
Age: 2839
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7044
Expires: Tue, 04 Oct 2022 08:48:55 GMT
Date: Tue, 04 Oct 2022 06:51:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a1073a68ed38c8e3575e889224db944c
ee2a7a3e2da77a8540131f9ffaa0a20d4dd486bd
a9fb1f7ade7c8a79d2ee83e9b7215e66dc89ac733b11079297a8f4b9aceae1f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9FB1F7ADE7C8A79D2EE83E9B7215E66DC89AC733B11079297A8F4B9ACEAE1F5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5123
Expires: Tue, 04 Oct 2022 08:16:54 GMT
Date: Tue, 04 Oct 2022 06:51:31 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: euEokuY8Z/xt9rwY4nzNO49mAulpczUomUcZzqIpLWf4G5/m1JO9h5YcwgaEyX+03h/sNAM7XU0=
x-amz-request-id: VSE8G9E1R2TJBZ17
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 04 Oct 2022 05:54:02 GMT
age: 3449
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 06:51:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5ba23234dfb31276cc3bf9a347508595
a225d0a9ecf5d7f0032816c6f3d4a5ae1f3b27a3
33558bed4856ac3f2a7267965521b316ccd3ccc669877994c6c590e2d2a1b559
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-22484186-3
142.250.74.168200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-22484186-3
IP 142.250.74.168:0
File type ASCII text, with very long lines (2039)
Hash ef377c5b03b7638d95472749b34c5f9c
03a1969e6ade49ca3a73dfdf233bd08062b98537
0dcf25022ddd87127254abd506547dc3596d244e2911e62d5a0d14e9157bcda6
GET /gtag/js?id=UA-22484186-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 04 Oct 2022 06:51:32 GMT
expires: Tue, 04 Oct 2022 06:51:32 GMT
cache-control: private, max-age=900
last-modified: Tue, 04 Oct 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42388
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 5ba23234dfb31276cc3bf9a347508595
a225d0a9ecf5d7f0032816c6f3d4a5ae1f3b27a3
33558bed4856ac3f2a7267965521b316ccd3ccc669877994c6c590e2d2a1b559
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.prayroll.sa.com/jquery-1.11.0.min.js
172.67.145.167200 OK 33 kB URL HTTP/1.1 www.prayroll.sa.com/jquery-1.11.0.min.js
IP 172.67.145.167:0
File type ASCII text, with very long lines (32341)
Hash 95fe3f4dd117c33f6015e1c3d6df1d0d
d5b8856932d1ea63f51824de0bb50670d2e960bc
e6945ac3f1927f242a9fd7a5cf67720f7763888127a7427eb24ffc52019d4b16
GET /jquery-1.11.0.min.js HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/ypmipjicmkl/gciwc876806maxvjavlg/fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:03:39 GMT
ETag: W/"62e8238b-1787d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=er1OR79OsEA6dAO90esVL%2Fxkf78k3Sh2R%2FuN56WL1nVAj%2FsAcxdKBbk6TulGcphX88ZuyJdRdVb%2BBJ1b4WHB%2B8vfEtuXWTYiIirB8c7JZYr7a0lmodfz%2BM1tAj44RExUroEGYHjO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd54eb4f0b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.164.68.8200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.164.68.8:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Tue, 04 Oct 2022 06:32:53 GMT
Expires: Tue, 04 Oct 2022 07:12:21 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 49e8093d0b1ec293275e8b264631ad18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: 83T9yCMtiGQNAqPsTo85QLgQyT86jHeWHcPrcmaiVs9CCfgFiEhxaA==
Age: 1119
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 231f898520c3df2cd213b93aed1eae4f
c0954ae1cb28a68a819d9f70a3e22731892bba96
b4560537dbbd03c22db84351b4f7543eca4448eba3f85c2054d7c7a0e4067fcf
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B4560537DBBD03C22DB84351B4F7543ECA4448EBA3F85C2054D7C7A0E4067FCF"
Last-Modified: Sun, 02 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21582
Expires: Tue, 04 Oct 2022 12:51:14 GMT
Date: Tue, 04 Oct 2022 06:51:32 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 231f898520c3df2cd213b93aed1eae4f
c0954ae1cb28a68a819d9f70a3e22731892bba96
b4560537dbbd03c22db84351b4f7543eca4448eba3f85c2054d7c7a0e4067fcf
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B4560537DBBD03C22DB84351B4F7543ECA4448EBA3F85C2054D7C7A0E4067FCF"
Last-Modified: Sun, 02 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21582
Expires: Tue, 04 Oct 2022 12:51:14 GMT
Date: Tue, 04 Oct 2022 06:51:32 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 321fa9a78e31dcb66601ac5890bfba73
c325580db79bde6fd00d2d0c7e3f675e4c0046bb
83029b324b4c36522ae47eef9614c124b0ad2994de412d7ea82f990ad8ae9d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3555
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:32 GMT
Last-Modified: Tue, 04 Oct 2022 05:52:17 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
172.67.145.167200 OK 6.8 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
IP 172.67.145.167:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (794), with CRLF line terminators
Hash f66cf2114da8dbc150f09816f1032d0e
949d3bf3b9482d414d5af5338c83534778d8b56f
782ccfe21e7f697294f713e44e90a41ce8c44761f11f27fa800f2558d264e25c
GET /clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.25
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=egKm4688lZhfiQav9oIAH46ihmkBI20US22%2F8dWvrGXiqKhX6tX7yi%2FZZ3gj9bJNjBkcI4Xptj03HIog%2B5Cs25GzxhQ9C4lgyt4FncTrNUBlCogvpdcC6EOTocRkKUAhmxupiBgu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 754bfd591f050b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/fontello.css
172.67.145.167200 OK 362 B URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/fontello.css
IP 172.67.145.167:0
Hash fa15172488a6d5c1b4071c496f2a1cea
6651c83e1ac3023e652d950af44a98d45e3e8b1d
95f7ddd9b2e97857d6b283da41709a8ec905c2901b7f01a1059b9bb4ee2f31c8
GET /clicks/chapter2/Rosealbear2_files/fontello.css HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-3ff"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IoVqwTTd%2BFRPHvdY1bXA64FMgftllZmlydqOjTywx7dynDMtSym8neiSlhAwAA%2FSTLJOhUrMKvuA8H%2BdulHQBUXnTopkXeyP6M%2Brwa48HpgIE7ywwniYTnj78sw%2BQxlCQqBuxgjg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59cd3b1bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/css_003.css
172.67.145.167200 OK 571 B URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/css_003.css
IP 172.67.145.167:0
Hash 7e39e166104fc03ebc556c52b4a1dbd1
1fb21c5d048e2f4796462220b772088608ae728e
b8b3a9db82c45b6fe8c909b367e5add84657b8c3ab63fdc8c965094ee548d33b
GET /clicks/chapter2/Rosealbear2_files/css_003.css HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-1938"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YrO4T1lA1NutlnI3pOZTDryTfsdjW8hhMgIo3Nly5a5SrgdOwptE0SjAp3pxMwZTyjjp57QWV9qcBKChrqF8sYbrIp7WnBsedaoYOBQJMWzP8lBWkJPtdWGNWs9%2FeSlRRC8BnP1u"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59cba0b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/css_002.css
172.67.145.167200 OK 777 B URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/css_002.css
IP 172.67.145.167:0
Hash c5072e32da3737607634298a7b205cf0
4b8d40a83ac2ab6499788050ceaf33ffb195185c
a55a4206866eb7dd312de9b4c1a6c6ee737d967c5bc13dceb7793bf28f20ec5f
GET /clicks/chapter2/Rosealbear2_files/css_002.css HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-352a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d1O8%2BjLb11QQ%2Fed6HhZNmk2lK7vaPwP8EVVhcJr1nW95fmLq5A7GCmN4vSMc3PXIkzT8h9hC%2FAQ0XI1HyTN9bxzgC%2BlBbQmP%2FBxCWsAutMiSBQdElytOkkfc0%2BIU7ieUo6XJS2XB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59c810b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/css.css
172.67.145.167200 OK 1.1 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/css.css
IP 172.67.145.167:0
Hash a116a37be9b0480bef6fdd76cfec6448
a147112fae99b8420fdf2549dd7a7d97ecca8975
04693ca007679e84b975e32e03bb5a7cdc35a2c3d7f023f1ec9f7bec0dbe75ef
GET /clicks/chapter2/Rosealbear2_files/css.css HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-62d3"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UVy6h9bQBh3iXlf1CweH2CXNAScGySXZK0%2FtJVMKXgp%2FNwW8vOCUs0SIzi2MYWEdLVpXESRbGj%2BNsaXt4Uc57ZjH31E0zcF33wa1nvFK9VfY3OyDkOa6eNdcVDJmCR5kA5%2F5LQe1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59ca6d0b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/style.css
172.67.145.167200 OK 3.9 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/style.css
IP 172.67.145.167:0
File type assembler source, ASCII text, with CRLF line terminators
Hash 62b2d2be03b14deef0cdf9773cdb6f45
28ded02254cd4d8a2aa8230d7ecae82a0e084cf4
27079488d20ff7b332208f04732a188aba343bb632cf5428cee9b691d7eb6d8f
GET /clicks/chapter2/Rosealbear2_files/style.css HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:32 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-4c0f"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ooLySzr3KOICoi8LYBlsNIMHZPN6h37FzB7b3P3MVGmUux46aVxaK7Iv6UzBtPFsg9Pp%2Ff4SQaWUDtw6tuk2HFvfz%2FOiV3lwC%2BA%2FLQ5ZLnVdN71I35IQk5prY4lkkNUie1odfLqn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59dcd20afe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
52.43.46.140101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.46.140:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: S+nj1HC3szb/yUpXEFxZTA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9bDX8b2DexArwO802HW5QyAEwqA=
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/bootstrap.css
172.67.145.167200 OK 20 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/bootstrap.css
IP 172.67.145.167:0
File type ASCII text, with very long lines (65371)
Hash ec33cc046e01c53aec64024058d8de78
d7df0f7a5a950ec42f3f950d5a4eb5dfa0993aa0
73fdef7c62fb183ccf51e35598666c094b3a3b92de0160fb946a708fb1c0f1b9
GET /clicks/chapter2/Rosealbear2_files/bootstrap.css HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-1d970"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d1uGBL3DYx30sXQ6sPWF9peWRyD2egX%2FU8ywCzzHKrQeujYOgmPlW6bIVF782kj3HiVibmuTYD5L7GSVfrOD0CLPJudUI%2BM4zIoOtcjeYwXUMSRfCpDHrNf3bcaEv4vHNkjlmTTT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd59bf980b31-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/main.js
172.67.145.167200 OK 762 B URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/main.js
IP 172.67.145.167:0
Hash 26566d64b797ad741a932e00c23e3edd
4ebdbc0c6f77a5697e9494b8fe3a650b6bc64719
40421508ddb2aeb8d1551597153e38ad08caa916518e3b3417741fa0b668ecb2
GET /clicks/chapter2/Rosealbear2_files/main.js HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-981"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TUbEsmtFLLEZ%2F%2FXG%2Fp7%2FJJmOie49KV%2BaMxbEcBA%2Bi8933IOi3Op4s5NZ%2FcsXjpLhm02nSFfIShbpl0sCNbR2y4AHGRf8F4TDoCgcWmhyrzGb30NBAWGejtvGNP5Ryf9nRWKO%2B%2BIh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5af952b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/jquery.js
172.67.145.167200 OK 678 B URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/jquery.js
IP 172.67.145.167:0
File type ASCII text, with CRLF line terminators
Hash 98ac02ce748fd8b53d3e80cbfe705601
6625c6a4baddbbc4498f83ac01f9afdcd200c737
3a28afa43216be8d653146694eca8369f219a724d092edb8bf8c9ae703a174c0
GET /clicks/chapter2/Rosealbear2_files/jquery.js HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-5da"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m2WX8ePR%2FSLjfw9hBREczQ9mGUZWDvioSbD%2Fmev0ctMUuTufK3%2F%2BcBL9xhA3OZut93KkKoB2WyJOw3OgxEH%2Fbl0mw7sUQvRoIKjI102ejM4TcvUYrPVayA%2BUTaofolxAm2lW5LJU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5b0c250b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/bootstrap.js
172.67.145.167200 OK 9.8 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/bootstrap.js
IP 172.67.145.167:0
File type ASCII text, with very long lines (32033)
Hash 5001f34e4d6720378751012dedda52d6
d582a3fa4a2772626a934ade1489dc5e5f97a845
3cbb8f3723828476519f646eed5cd50a490f1cb1a03b9c2e92ad2a749c1dbf5a
GET /clicks/chapter2/Rosealbear2_files/bootstrap.js HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-90b5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=54XtU9xrDIKsYOQm6IUI%2B8glVtltq5wEK12WSk2fTjtOCrOsf3zojZK0gjQuBe3M%2B3NL7Q8r%2FeJeQK9zSyY4IhCdCcBQSQzNyw6YcSfzbH6BXLottyeHEdiYpOVXt6IjyFWsC2vN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5accd3b50f-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15736, version 1.0\012- data
Hash 479970ffb74f2117317f9d24d9e317fe
81c796737cbe44d4a719777f0aff14b73a3efb1e
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
GET /s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15736
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 13:35:36 GMT
expires: Sun, 01 Oct 2023 13:35:36 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
content-type: font/woff2
age: 234957
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/logo.png
172.67.145.167200 OK 3.6 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/logo.png
IP 172.67.145.167:0
File type PNG image data, 198 x 44, 8-bit colormap, non-interlaced\012- data
Hash 4e82c9ce56997d98107cad1636373b7b
0f54b8a9398d4c61d77be77fe6d507c305849abf
b4ee829d80f8ab9bf4862b2c85178b22e770ddf6601af0fbcf057bea8fa42821
GET /clicks/chapter2/Rosealbear2_files/logo.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 3573
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-df5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qLYr%2BkDP4sBQpspSASzo2nMlsUu8RmGK4hgZbqkxe4%2FAWHa12vhcsnP06r%2Be%2Bjol%2B%2FnDErN%2F%2FVHNVXSyr7cR90buEbZjbYekO0nMQMBpoAUqngaXxDRk2OGAnV4Ck%2B%2FjZLvWbZir"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5b68f50b31-OSL
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/close.svg
172.67.145.167200 OK 481 B URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/close.svg
IP 172.67.145.167:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 263717a7c89bd0ec940573fed33e7a89
7e4f19944dafd279f77ce709bc529ce40a0c28b0
664cb275632ea66b8abf5ed6d16a8099b4f317074f32b63b7754d05bd90d4d28
GET /clicks/chapter2/Rosealbear2_files/close.svg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-364"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BISvYLQaiGvOzFk8otyF9FVdj1pjyM9VC7MHptzTRFBfiHJlE8Pd7MqiaO%2FLHNDdwSrYc%2BX2f2n3lokFHCFjRvbROyhmGoPtuEvaVdcZP7Y%2BuzTQdGpu%2BCujvW0iELJVuNem1X8%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5b6e460afe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/worksans/v5/QGYpz_wNahGAdqQ43Rh3o4T8mNhN.woff2
216.58.207.195200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/worksans/v5/QGYpz_wNahGAdqQ43Rh3o4T8mNhN.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 24032, version 1.0\012- data
Hash dd4fdc27521a8dbf8c5fb5d3cc1e759d
8100052d2765ac23cd3c8c7b267810e789f6b72c
01d902cdabc6ff88c288546422496ce3267cb0de2623156bb2b200e41d6df709
GET /s/worksans/v5/QGYpz_wNahGAdqQ43Rh3o4T8mNhN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24032
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 12:47:07 GMT
expires: Sun, 01 Oct 2023 12:47:07 GMT
cache-control: public, max-age=31536000
age: 237866
last-modified: Mon, 22 Jul 2019 19:18:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
216.58.207.195200 OK 9.8 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 9760, version 1.0\012- data
Hash 9d484aa99b936dfe89b6b12df530d138
41298a7f6caa8e6a22919cd7bc23faa990734f37
b12b566a4b982d1d9ebdd2f94dbffc73ff39c9f6df112b8752191418538d01e6
GET /s/roboto/v20/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9760
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 17:41:50 GMT
expires: Wed, 27 Sep 2023 17:41:50 GMT
cache-control: public, max-age=31536000
age: 565783
last-modified: Wed, 24 Jul 2019 01:18:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/worksans/v5/QGYpz_wNahGAdqQ43Rh3j4P8mNhN.woff2
216.58.207.195200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/worksans/v5/QGYpz_wNahGAdqQ43Rh3j4P8mNhN.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 24416, version 1.0\012- data
Hash de83f55b9291ee1bd05c8ebfb451e088
6cf8149b31a4b1e97ca7134a87c56d23531a8650
5fa4c180ac3f29bd3eb23a142aaf20ca6202f9dff37308be5c57231fb80a3417
GET /s/worksans/v5/QGYpz_wNahGAdqQ43Rh3j4P8mNhN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24416
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Sep 2022 07:56:54 GMT
expires: Fri, 29 Sep 2023 07:56:54 GMT
cache-control: public, max-age=31536000
age: 428079
last-modified: Mon, 22 Jul 2019 19:19:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/worksans/v5/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
216.58.207.195200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/worksans/v5/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 22488, version 1.0\012- data
Hash 238c66f0f32567f8b025fa462b139235
a27f5e36161c6194a6f8a135e9e0056028bf3128
29a23ea4b518625595ed555e8edc2e32119a305df5bfecacc1ac38df8a384f9e
GET /s/worksans/v5/QGYsz_wNahGAdqQ43Rh_fKDp.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22488
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 19:02:21 GMT
expires: Mon, 02 Oct 2023 19:02:21 GMT
cache-control: public, max-age=31536000
age: 128952
last-modified: Mon, 22 Jul 2019 19:23:43 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/jquery_002.js
172.67.145.167200 OK 30 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/jquery_002.js
IP 172.67.145.167:0
File type ASCII text, with very long lines (32058)
Hash 165a43244de5b28bfdb9422e0ad82b68
dd12888e259036e6c6986a0c65a3b3e38b697f54
200e3fccd025dffd3f7c6ad186f87ea51737db6c85e279b0d8b9626ad7ce1954
GET /clicks/chapter2/Rosealbear2_files/jquery_002.js HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: W/"62e823e4-15283"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gBXnm5%2BuCxfyuw%2FvxBmskhOFF%2FdWseCDeOtG0stnN8oWoeCSkwQtdQz%2Boudg4QUuig6MfZJB0c4sH1tYUz98sJuPoH0qxWzQMUZC0bDXu8%2Bp4HTWQ4mj6wcZpuG%2F%2Bwt5HM8CiSga"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5acdb41bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/raleway/v14/1Ptrg8zYS_SKggPNwJYtWqZPAA.woff2
216.58.207.195200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v14/1Ptrg8zYS_SKggPNwJYtWqZPAA.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 20864, version 1.0\012- data
Hash 77d77f36bed0a452984832f6b5f22e3f
787b42ec8f4a44925270d81a9fdeda0ba69ba707
0a654aef5d8378e00c1a8a8e6876a8e4246b41cf46a3cabf1bf495617ca4086e
GET /s/raleway/v14/1Ptrg8zYS_SKggPNwJYtWqZPAA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20864
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 02 Oct 2022 18:46:18 GMT
expires: Mon, 02 Oct 2023 18:46:18 GMT
cache-control: public, max-age=31536000
age: 129915
last-modified: Tue, 23 Jul 2019 03:47:36 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15816, version 1.0\012- data
Hash 2735a3a69b509faf3577afd25bdf552e
8621aff863b67040010ccc183da5b9079ce6fd1d
b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae
GET /s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Oct 2022 06:03:10 GMT
expires: Wed, 04 Oct 2023 06:03:10 GMT
cache-control: public, max-age=31536000
age: 2903
last-modified: Wed, 24 Jul 2019 01:19:00 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.prayroll.sa.com/clicks/chapter2/fonts/fontello.woff2?45898082
172.67.145.167404 Not Found 153 B URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/fonts/fontello.woff2?45898082
IP 172.67.145.167:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 706a98254456810d3e849c3957af9d01
e461d072a6ba8f0082d6f187eba7f053343529c6
8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229
GET /clicks/chapter2/fonts/fontello.woff2?45898082 HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/fontello.css
HTTP/1.1 404 Not Found
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9hUjeoVk8twFPQqzBNwjGzFsZTuyiVXOEqFTwxAjb5VFPgTZ9FORKJ6u9Q71pUEUeXZdmdy%2FY1%2B%2B%2FSBmzeOim5CDgGisVoRP7xAGdsieBePQUqn%2FDzp0GYI7L6bvGVB8qgATyg0v"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5bfa2ab505-OSL
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/raleway/v14/1Ptrg8zYS_SKggPNwN4rWqZPAA.woff2
216.58.207.195200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v14/1Ptrg8zYS_SKggPNwN4rWqZPAA.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 21164, version 1.0\012- data
Hash 6a9b9c422e662a18013ee064fd789213
dbd7535cca2552efef08a77d11956652cc09bcd8
ccffda12d4002d59565466849044e53ff6734de84baa233f12a725662d8f8681
GET /s/raleway/v14/1Ptrg8zYS_SKggPNwN4rWqZPAA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21164
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 07:06:34 GMT
expires: Wed, 27 Sep 2023 07:06:34 GMT
cache-control: public, max-age=31536000
age: 603899
last-modified: Tue, 23 Jul 2019 03:47:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/worksans/v5/QGYpz_wNahGAdqQ43Rh3x4X8mNhN.woff2
216.58.207.195200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/worksans/v5/QGYpz_wNahGAdqQ43Rh3x4X8mNhN.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 24452, version 1.0\012- data
Hash 539ed1a07cb8b137b6825efd1789c2f3
6a46045cbc0a5af52f68d8a65a40df4f5cc6ed6e
681a963b7e247c1376a6af7a6e439256600ac932521623f600faa57a59b4fcb7
GET /s/worksans/v5/QGYpz_wNahGAdqQ43Rh3x4X8mNhN.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 24452
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 14:36:28 GMT
expires: Sun, 01 Oct 2023 14:36:28 GMT
cache-control: public, max-age=31536000
age: 231305
last-modified: Mon, 22 Jul 2019 19:23:43 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/right-img.jpg
172.67.145.167200 OK 59 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/right-img.jpg
IP 172.67.145.167:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 340x370, components 3\012- data
Hash d99732520f9cf9d8dceb5eba427bbf7a
bccfd18f099134710852ed7056ab6bac8c8660b2
54be66fc2122141ca45cacc380a1df9ff82b8ae7e317ab630471285f9d07be00
GET /clicks/chapter2/Rosealbear2_files/right-img.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 59003
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-e67b"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1751
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=82I9xWSP7IL4%2FZkwjK9AiP%2Fr%2Fd%2FO7zp278OLFTEUI2OQxNH3FLVwymZT1WbVxSJqmM5F4BU5H%2BuuCDeAeJnFqvU9FpxVmprTNTdtCfNHervVPyNbkF8sabu9R26ofJ3n9Mpdox79"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c89e60b31-OSL
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_9.jpg
172.67.145.167200 OK 98 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_9.jpg
IP 172.67.145.167:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x700, components 3\012- data
Hash ffdc5a8e61e0454b2df629887d88af72
cc88f0e1d83d1aca7cecf9912dfee09ab3e4b7f0
f52e14cc232b1844f833b1a324de1e84fcac0ca3e133a3f23e6793f7f1e914d6
GET /clicks/chapter2/Rosealbear2_files/content_img_9.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 98394
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-1805a"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1751
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QNvbm5isoZ7%2F7klEvSpeQY5UOOvKVSsvlMocd2Q4LPhVNoh2auJw%2FEwJSQXRY6cduZcKEKaoSsNMYi4jeLdHXZFPMrD28K%2BXVTh%2FkZppJwlak2gRbu9wgO4wwR74a%2Bq1b%2FceD76z"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c7aa4b505-OSL
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15872, version 1.0\012- data
Hash 020c97dc8e0463259c2f9df929bb0c69
8f956a31154047d1b6527b63db2ecf0f3a463f24
24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf
GET /s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15872
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 03:08:56 GMT
expires: Sun, 01 Oct 2023 03:08:56 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 24 Jul 2019 01:18:37 GMT
content-type: font/woff2
age: 272557
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/img-3.png
172.67.145.167200 OK 294 B URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/img-3.png
IP 172.67.145.167:0
File type PNG image data, 15 x 15, 8-bit colormap, non-interlaced\012- data
Hash 1a1eb2244ef7c179f282719259a6f8ca
16f005c160ae1a4f2ad99ca179ce8ba0c1cc38e1
20afb9c7f93cfda5f7c9dd7005fc694e0bb6b58dcae0c833cbcd18620095bb4c
GET /clicks/chapter2/Rosealbear2_files/img-3.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 294
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-126"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MwHCkZPukZKTjz3KxpG5N1g8RlTIJptUJxuut2TUGs%2BnIUVpCWD5muanMZtfYtrgrJqONvlLcpX%2B7xjeTWZK8IPNp7vdXsyCCrexmiV9rG4HOcUOHX0PChkXq10GpFWz88mv%2F4bh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5bfcfd0b59-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 06:51:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/arrow.png
172.67.145.167200 OK 289 B URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/arrow.png
IP 172.67.145.167:0
File type PNG image data, 18 x 19, 4-bit colormap, non-interlaced\012- data
Hash 9284cc2371801ec8236759db3a6f6d44
f7d47b2de3093dd20e669829da19f513dcdea11b
56b0b32028571b13ce7ef422145c550fefbb43b2266cc9f70d4b7f5dd968205f
GET /clicks/chapter2/Rosealbear2_files/arrow.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 289
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-121"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tgSfagWufaFPWRcfAqX8Aq0zRNKaMcbqhYFjKEzMcQcXstHJzGXYxpv%2BdYmI5OxYy7lJ7p251Bcgp%2BUu%2F6W3MYbZ7FZ65j6qjjDIGdPygjZGZWL5VPq4TteF40w5JptE96DhUgSB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c5f130afe-OSL
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/valid.png
172.67.145.167200 OK 838 B URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/valid.png
IP 172.67.145.167:0
File type PNG image data, 160 x 40, 8-bit colormap, non-interlaced\012- data
Hash 18277457e4fdfcbc286f601b55a9c40d
44c437799c25c353f0101798580706ca25bd1b94
36dbf76119f6343e090429aec3d924f082b3c1dd9f936e8205bfa64d6222510f
GET /clicks/chapter2/Rosealbear2_files/valid.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 838
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-346"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zKBdZJRl6%2FZqcGCHbnKdrtF71qNCAvcm00sMUtqlR2e%2FIqFZtUrNeIR%2FaYP5c3Hea10NduCsjWlZA%2Fzq%2FY09nFm1%2BE7X89m%2BVathN568R%2BaLwcfn7YVI6J7FuOIB7A9YlWo%2BmVfj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5ca9fd0b31-OSL
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/fonts/fontello.woff?45898082
172.67.145.167404 Not Found 153 B URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/fonts/fontello.woff?45898082
IP 172.67.145.167:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 706a98254456810d3e849c3957af9d01
e461d072a6ba8f0082d6f187eba7f053343529c6
8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229
GET /clicks/chapter2/fonts/fontello.woff?45898082 HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/fontello.css
HTTP/1.1 404 Not Found
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yjtir0uGqBE4%2F84kvA90%2BniOpPoOInHqrUEJ9GUdJRDzAVaSuQ4SONFoLAQYW%2BjFSEm7VBSXIMOKH47W1BrJcQLSRGFLeH0kMLiFQgh%2BsiLud0i2t4IA7EwnT5mj%2Fc8I3teDbWss"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5d0de70b59-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d8c13822611aafc78b6c87ab4ff7b79
6b222b487151f5437c83b4c67fd66f417be09546
4d4ff9bffe6f4e26ed337b0a621dffa9e8e3e767a9a399904e429e3400cb96d6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D4FF9BFFE6F4E26ED337B0A621DFFA9E8E3E767A9A399904E429E3400CB96D6"
Last-Modified: Sun, 02 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21518
Expires: Tue, 04 Oct 2022 12:50:11 GMT
Date: Tue, 04 Oct 2022 06:51:33 GMT
Connection: keep-alive
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_8.jpg
172.67.145.167200 OK 62 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_8.jpg
IP 172.67.145.167:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Hash 6edf8643b514603690c06de8ea3e4129
91512b3ccd19830c07e45daee88a457570271229
ae6dc96b4556a07b5074c30d69e4b12a2e10716043ee6614d634fe4cd9a224a4
GET /clicks/chapter2/Rosealbear2_files/content_img_8.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 61753
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-f139"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fm1n6ICcrVis27qtyn%2BpAR8824YoUmVUNQRHM32U%2FAvi8Ps71iXbb1%2Fas6VD9rXzbHH9od28fUhwEvifTiIvlP6EpEjgZ%2BKV%2Be99lh0%2Byx7S%2FU4cKT0II3gs3AD6cB5oV0sClBCJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c6f0a1bfa-OSL
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/top_img.png
172.67.145.167200 OK 180 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/top_img.png
IP 172.67.145.167:0
File type PNG image data, 624 x 605, 8-bit colormap, non-interlaced\012- data
Size 180 kB (179725 bytes)
Hash 029dd9292628872efc08c2398578c6e8
465806088f465ab0a1901621cc25771aa6126f0e
37590258e5a3035b9cf3f38f1ef11090942c3895559753f622a2ed9707b395ab
GET /clicks/chapter2/Rosealbear2_files/top_img.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 179725
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-2be0d"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2dPdxB5%2FcdNbOgHmwIHx8%2FmEqofx3tieo%2FecUR76xjqAdY5P7jICpyjws04drXRjNCBG%2B43s0GJeT18xpeUnlL%2BUEmZiYREeNXymjD8wXufZ0q37Q%2BLYZ1E67yIiQbQR60Q%2F4WCz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c5ec4b50f-OSL
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_1.jpg
172.67.145.167200 OK 91 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_1.jpg
IP 172.67.145.167:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Hash a905e5411833c4631ecfda393a509db3
17dd38c12a54efffb10cdb2b1c6480ae01002ed7
9a22d24847681f53aa3ea530cd1c855190cd5f687b0f2a5e4cf98237dbb0d2e4
GET /clicks/chapter2/Rosealbear2_files/content_img_1.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 90632
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-16208"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bN5Hg4J8fKivCcKdyOBd8KYlEUaSRGwOWDXOjam2%2FfhXezDzAALbqFwnemOevnFqGfoAcfdZasp46pD9i8Ch7X2OEdIMQEP%2B%2BjyzAgZTG7B7leKMBmBKPmw7VlcT1mRwSfSUW7Yg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5caabeb505-OSL
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_5.jpg
172.67.145.167200 OK 92 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_5.jpg
IP 172.67.145.167:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Hash 3e7500b87b9bcf16a1b82d302be69ff7
10b61015be6f5ac86c28f468e0fbda9dfa497821
acfa44424d2d360c7f163559f8ab7e43c87ef50402a375f7f12815c9e097fe5f
GET /clicks/chapter2/Rosealbear2_files/content_img_5.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 92034
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-16782"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1751
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AxwSCWPjyecufpDC4gZfqAJiAy6HZudYgY4kY%2FFtjJKJcRSedgtieEm4Pi2IWLzfQ%2BjeJkYuWRiuxtJXCaM8PqsOsEfF%2B70ypD8JJFgxSe5dyulPZVyT1KW1p237I5cj6IDATHtI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5df8dcb50f-OSL
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/fonts/fontello.ttf?45898082
172.67.145.167404 Not Found 116 B URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/fonts/fontello.ttf?45898082
IP 172.67.145.167:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d6e62b966693d7822072903ae8310d00
2de307cf4db56a090d7633f2da9ce6d224f6ffb7
36bd7d3c61ddaa2cfd74438dfcc2552f527a5299abc17957073a05d4b1d5cecf
GET /clicks/chapter2/fonts/fontello.ttf?45898082 HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/fontello.css
HTTP/1.1 404 Not Found
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j0o9mZGrP4VaW1Zp%2FsOF5DdVN3O4KwBIO2X5oUS4eG9a1I1pEeMFbViwcqkb%2Flo4njahSAr5WAwxoe9bdIGfn0XEivDqmp7QkH6%2BXfFhFIgROh%2BpGdi0NrUatprYLdTXjvMLobeT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5dc8031bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
hypertechx.com/ps//templates/Pixel.iframe.php?net=2979&aff={AFFID}&sid={SUBID}&cid={CLICKID}&type_detect=retargeting&prod=rosealcutebear
207.154.203.102200 OK 92 B URL HTTP/1.1 hypertechx.com/ps//templates/Pixel.iframe.php?net=2979&aff={AFFID}&sid={SUBID}&cid={CLICKID}&type_detect=retargeting&prod=rosealcutebear
IP 207.154.203.102:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 1d70ef45582c344c6ce7a88da3042424
6af8dfb071d50ccc65aa7d12c184a0cad218b913
04b3828c54adec784e53b1ef995cec191c197a820e73ebb98718f3c418a067a4
POST /ps//templates/Pixel.iframe.php?net=2979&aff={AFFID}&sid={SUBID}&cid={CLICKID}&type_detect=retargeting&prod=rosealcutebear HTTP/1.1
Host: hypertechx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.prayroll.sa.com
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Tue, 04 Oct 2022 06:51:32 GMT
Cache-Control: no-cache, no-store
Content-Encoding: gzip
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_2.jpg
172.67.145.167200 OK 52 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_2.jpg
IP 172.67.145.167:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Hash 6124e5518e11d807eb80e1cd077262ba
c83380a6f1a54286df12d4171611872d99493151
13613ef8211578ce3d308c300cee8fc35ef9db5e4bb75e38e9bcf092c9e74566
GET /clicks/chapter2/Rosealbear2_files/content_img_2.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 52404
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-ccb4"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vIjRWjzdrNnm6v6f5W8pLj2gqoTx7A9XG3o8nbEDxYCZcxMvkOgIXFVujWlc11dSAs8duNGB9POpF3qkGSsGDsbsJrHSkG%2BDMkCX9eXM96HvRzoGvGB%2FQ98cvPUhmRnWyoO6vjjh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5d580c0afe-OSL
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_4.jpg
172.67.145.167200 OK 65 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_4.jpg
IP 172.67.145.167:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Hash a3358ba5fd7ece7926640d6b9ead7f6c
d2c88ac2ab3a0a95efef69114d98d5fd580759e0
21e0da1da05c6fe3e6b5d9821de45ce576c6cedd846c53e2bb562d93df59c63f
GET /clicks/chapter2/Rosealbear2_files/content_img_4.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 65444
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-ffa4"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TTGIhWzHx4EVZX0UvO5%2BslKDn6YEa6B4yPVhyzcPQs2k73%2BgdEuAID9rn37R8UkePEytBZjFlrYnG2rdZmp%2BdV0zdmgGI2G8sQ4wmT4BOVT50z9LF3DvTX9Y06ezo5Lf42gR%2Bcup"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5d9e720b59-OSL
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/banner_img.png
172.67.145.167200 OK 19 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/banner_img.png
IP 172.67.145.167:0
File type PNG image data, 187 x 155, 8-bit colormap, non-interlaced\012- data
Hash 0e296e0df65e7a07403eb0ebaa802118
93a34fe18c0f99579ba7429759dd5463456888fa
9e8a5ba4d77c92a6249b1c868112a6e1fcf1a0090bdb27a4202cf74ad80d13fd
GET /clicks/chapter2/Rosealbear2_files/banner_img.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 19033
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-4a59"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9CSCCWzKWx%2F%2Fx%2BdVJm24lB7GhsdGeNAWTtOzoHFirYUtoOur6zknaKBFomDUBIjDvcTpq33JmbV8S010QaVJCPidl5RrNZnPaAMHOEUOh4gvV2j8vnAG9hsg3Jq6WgkxCcS8%2Fbqh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5e08eab50f-OSL
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_6.jpg
172.67.145.167200 OK 65 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_6.jpg
IP 172.67.145.167:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Hash 2b1fdc001fde3c8aee2dc4f38d7cba28
76c57160bcf5d64b49018d5510915d903b67b34c
f172bbc39569b63d61d5ba7589f4272c64aa93cade0a9fab5958b99e19bcdfff
GET /clicks/chapter2/Rosealbear2_files/content_img_6.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 64600
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-fc58"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rCP36aycBjmg9D6Nbsz4VNt5FVssnP20xjgp1SBKnHL1yBDJGnVrvQ4JWdbZI5PKqs9Twjs0yjWBbVTq%2Bo%2B0k3O4X56eA%2Bk0RsSxHZKxRAxxm9auWvnRibwB3j6XgfKXmHBZ3eRu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5dfc22b505-OSL
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_3.jpg
172.67.145.167200 OK 116 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_3.jpg
IP 172.67.145.167:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 770x440, components 3\012- data
Size 116 kB (115955 bytes)
Hash 7634003e6c65ae0ba860389e31fa3f98
40debaf86813ea40f673c26147f61d81306a2df9
625882531849b98ac0cadcaf37a842dbd9badb8e66a2fb6b3aa0ef3ab7fa8fdf
GET /clicks/chapter2/Rosealbear2_files/content_img_3.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 115955
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-1c4f3"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sngWL%2BfkiBmTaGlyyF9wnDZTHhmZXfvS4XZCEErZWEg4PGVpXUwVUUlonP%2FhHeoiwb%2BVvZwBmsqqn8RgbxpG2i%2FdoHaTQFGURBm4afZ2hxrnG767QGwU9GzkFHvk0X26%2Fs2x%2FuY2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5d9ac70b31-OSL
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/banner_img_m.png
172.67.145.167200 OK 22 kB URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/banner_img_m.png
IP 172.67.145.167:0
File type PNG image data, 144 x 219, 8-bit colormap, non-interlaced\012- data
Hash d6ea637fe3810bf2a1a5a8c64db79fb8
2e84b9125dd14c39fef5229501b726e5999f5956
593728b2750109be90b9f485f6574b82a035f1aeb03da08b9349691d30aa0b65
GET /clicks/chapter2/Rosealbear2_files/banner_img_m.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 22215
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-56c7"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2t5Hpz3RlbG2YrZHNYd8jxCb%2B9iQZt6dfKaN000GW%2B2HDTa%2FhBMf51yqTXcX8UBbCi69O%2BnRIOo7MYo51vm1d5fu38b7p%2Fd9%2FWg6YSj0%2BbELUVFE7ynU2vwhszphnxgAh41KdaBK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5e184c1bfa-OSL
alt-svc: h2=":443"; ma=60
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/cart_img.png
172.67.145.167200 OK 245 B URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/cart_img.png
IP 172.67.145.167:0
File type PNG image data, 17 x 13, 4-bit colormap, non-interlaced\012- data
Hash a9c8f42db429e81d832e982ed6c6d2b8
86b6c9af64b78bedde25d140a18f29b747ec952b
f5318d67f0717460be562b2579117009d1eb3f6df57523536ca350141f57ff02
GET /clicks/chapter2/Rosealbear2_files/cart_img.png HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 245
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-f5"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4OcSOo70Bzo4tHOsO0tPvEPXzwyI1sQuFNnOewyLvpqAhQjV2sDQNHrIe%2FSlHFldCj0UDJ9cHsiFTrg%2FYmL8yvE1A7ZqBeTNYz5hEGkLhlcuWhTzGxhx8gZv9LdniS9Y6qE%2FnmUa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5ed93e0afe-OSL
alt-svc: h2=":443"; ma=60
hypertechx.com/ps/rosealcutebear/img/favicon.png
207.154.203.102200 OK 3.1 kB URL HTTP/1.1 hypertechx.com/ps/rosealcutebear/img/favicon.png
IP 207.154.203.102:0
ASN #14061 DIGITALOCEAN-ASN
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash 8d9a6188a5d8039cb6673e702843089a
9ea84cc7a749d1f3ecac6d5b9df01b5107839d4e
a42a4f95df0de366dade605621b9e3b8b9aea841d4cfa0cd9d9509701e569dcb
GET /ps/rosealcutebear/img/favicon.png HTTP/1.1
Host: hypertechx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/png
Content-Length: 3138
Last-Modified: Mon, 27 Jan 2020 12:49:49 GMT
Connection: keep-alive
ETag: "5e2edc6d-c42"
Expires: Thu, 03 Nov 2022 06:51:33 GMT
Pragma: public
Cache-Control: max-age=2592000, public
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6199
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 06:51:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6199
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 06:51:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6199
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 06:51:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6199
Expires: Tue, 04 Oct 2022 08:34:53 GMT
Date: Tue, 04 Oct 2022 06:51:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 04:42:53 GMT
age: 7721
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8c08f8066cc732de8befd6ccd629a95
22aab05208a01ae5def4d63dc145085630f57bcb
f8a560a0563518d992d0bd2655d2b5c406435a18e874ca00b51374d2ff901770
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: p5nOqBojKO6S-c_DxIu8B3p-NK0pzRHkz0DOPeyv7PQt9h0x1jdtoQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:55:54 GMT
age: 32140
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f2287c489794dab0e9ba923a2057988f
2b9f6828a38da81b40dcad033572e48b4c5896db
e853fa2acf2425d14cb9746e8bbd45c8765598d2bb630859086b4668182dbf6c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8534
x-amzn-requestid: 8ae51cd3-697b-47ed-8493-8f83e2bc7469
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHuHlXoAMFucg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-165d72034440cf810d42f3bd;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LPt8LUVoKhXjfz-jZHLmnWD15tQgSLRaxl-Bsl0UU83G7wm3jj7_mg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:37:24 GMT
age: 29650
etag: "2b9f6828a38da81b40dcad033572e48b4c5896db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4fcdf5f2-fb82-429f-a6f0-8f79d8aa9106.jpeg
34.120.237.76200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4fcdf5f2-fb82-429f-a6f0-8f79d8aa9106.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 50556325e5a38a5dd7802b1391815bcb
cf021352d993967e78552b275424ff139e4ef66c
96fd2e848a45d071e334a8d08c8b89215f80f01f947af6da2efaee72dd16914c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4fcdf5f2-fb82-429f-a6f0-8f79d8aa9106.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9455
x-amzn-requestid: c7e1aa21-0afd-4329-a886-ca52e1a30c7e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqJXHLUIAMFU1g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5708-1905710834041431314b11be;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:41:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: D-2NszpZ31D2YAbZRcPdqN3zZ2ScANt6bokfSbANgnsXBoTF2d__AQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:08:09 GMT
age: 31405
etag: "cf021352d993967e78552b275424ff139e4ef66c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 54b3ef7aa50273b78b59c24511b0c1f9
e2ea2ef6805e391c497e62e101e76a0bdecfce64
296e8954022d5160137b3e02ab5085a15cee7c23cd6d4ca61b36880706062457
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11955
x-amzn-requestid: ce6bbe93-95b0-4b6e-a8bc-012796485e67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zcqb9FUtoAMF0WQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b577f-59dc0a18523f900a059aa5df;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:43:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: tJwzKfs7HnQ7dVcINwnlzxTChXiEi4JPj8jrS8p5KhurRx_o3ZVOZQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
etag: "e2ea2ef6805e391c497e62e101e76a0bdecfce64"
content-type: image/jpeg
age: 31235
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92f8209d-8dc3-45f5-bfb8-151edb23e30c.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92f8209d-8dc3-45f5-bfb8-151edb23e30c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 126f1f4538e5e4228a4f36d3b02e9d62
16f2fe758de4ebf7d654cb9669c73f030eb1fdef
594210beaabbc35a37d5d648836277f950e46b2d4c2eab2abde2d33beafdff37
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92f8209d-8dc3-45f5-bfb8-151edb23e30c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4996
x-amzn-requestid: 2f13b6ea-4426-4b3f-81be-5d8ca0278ce7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcrokFkroAMF0XA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5969-421b4993676a68df2b43ad65;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:51:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 0s9K75q7TzjbFBJ3vviHLcItPRb6CP2URJRYs2k9JmppyWHKvzv5hg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:10:59 GMT
age: 31235
etag: "16f2fe758de4ebf7d654cb9669c73f030eb1fdef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.prayroll.sa.com/offer.php?id=184&sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
104.21.73.147200 OK 0 B URL HTTP/2 www.prayroll.sa.com/offer.php?id=184&sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
IP 104.21.73.147:0
GET /offer.php?id=184&sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.prayroll.sa.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 06:51:32 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.25
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7z2PmySfq1tg4winwFMMAA2O8VmmQ0KZ%2B%2B96eAP%2B84jqfj1c1nF9P%2BzJ%2FF7ymqedKDjXwjY1GSaSVlNhv4GJVgU0GwbaIqvL0Oyuv%2B25pLhd32yei8RyclDYXBZ1AFtmXFnGweOe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754bfd57f8e0b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_7.jpg
172.67.145.167200 OK 0 B URL HTTP/1.1 www.prayroll.sa.com/clicks/chapter2/Rosealbear2_files/content_img_7.jpg
IP 172.67.145.167:0
GET /clicks/chapter2/Rosealbear2_files/content_img_7.jpg HTTP/1.1
Host: www.prayroll.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.prayroll.sa.com/clicks/chapter2/Rosealbear2.php?sid=995602&h=fa2rthrfvdtppdpd_fjeb89stqk283wpguwbn5ipbrk/exkmzfwdr1szej6muteefw3zfeyomttsqqec3lxer75odzw-k517w7nnhswknkraqier0oo9pxvt6c_8-qdepcudtfy38wvx2x989slctbecybi-pxlxrk5dnhw1ejffwifzxsqiaefhwbejv_0mnesajkdr60teguzvj3udlpe
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 06:51:33 GMT
Content-Type: image/jpeg
Content-Length: 93953
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2022 19:05:08 GMT
ETag: "62e823e4-16f01"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1751
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Xw4lUaqrkzmZMmidmxVPdj7NvtEWAWIjLII%2BACezyUOfv3yxRjIjJ6fLu3kIeVICvY%2F6MkCCSyaGqy2kmAw1ZF95L7J2d1tKmRSjxpqAA0ae%2B%2F34X1Z3x%2FIkDYnyQiio11qTMpn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754bfd5c69bd0b31-OSL
alt-svc: h2=":443"; ma=60