Overview

URL c2.applicationgrabb.com/?step_id=1&installer_id=6498386953510671845&publisher_id=2628&source_id=0&page_id=0&affiliate_id=0&country_code=RU&locale=EN&browser_id=1&download_id=3154629473801215087&external_id=0&session_id=2635383633526612256&hardware_id=16216420101906140514&ig=&installer=&_file_name=Pok%C3%83%EF%BF%BD%C3%82%EF%BF%BD%C3%83%EF%BF%BD%C3%82%C2%A9mon+Platin+Edition&product;_name=Pok%C3%83%EF%BF%BD%C3%82%EF%BF%BD%C3%83%EF%BF%BD%C3%82%C2%A9mon+Platin+Edition&q;=Pok%C3%83%EF%BF%BD%C3%82%EF%BF%BD%C3%83%EF%BF%BD%25&q;=Pok%C3%83%EF%BF%BD%C3%82%EF%BF%BD%C3%83%EF%BF%BD%C3%82%C2%A9mon+Platin+Editi&i;&ignore_downloader=1&ignore_downloader=1&ignore_downloader=1&filesize=&product_name=Your+File
IP 173.239.5.6
ASN WEBAIR-INTERNET
Location United States
Report completed 2022-09-08 07:23:14 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-08 2 applicationgrabb.com/ Phishing
2022-09-08 2 balor-ghn.com/zcvisitor/13e21303-2f47-11ed-a461-1289ca541341/13946a70-a5da- (...) Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-08 2 arkdcz.com Sinkholed


Files

No files detected



Passive DNS (31)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS applicationgrabb.com (1) 0 2014-05-22 11:18:43 UTC 2022-09-07 15:43:02 UTC 173.239.5.6 Unknown ranking
mnemonic passive DNS ocsp.sca1b.amazontrust.com (2) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.156
mnemonic passive DNS www.fst-ent-lnk.com (1) 0 2020-07-30 13:54:41 UTC 2022-09-06 23:17:09 UTC 54.200.116.57 Unknown ranking
mnemonic passive DNS r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-09-08 04:49:00 UTC 23.36.77.32
mnemonic passive DNS landers.of-bo.com (1) 416367 2022-01-13 21:26:53 UTC 2022-09-06 23:17:09 UTC 172.67.155.108
mnemonic passive DNS ocsp.pki.goog (5) 175 2017-06-14 07:23:31 UTC 2022-09-07 04:49:42 UTC 142.250.74.3
mnemonic passive DNS js-agent.newrelic.com (1) 378 2017-01-30 05:00:15 UTC 2022-09-08 05:01:16 UTC 151.101.86.137
mnemonic passive DNS fstlgin.com (1) 0 2022-06-21 19:32:49 UTC 2022-09-08 00:16:55 UTC 163.171.140.79 Unknown ranking
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-07 05:08:41 UTC 52.42.74.230
mnemonic passive DNS ocsp2.globalsign.com (1) 1544 2012-05-21 07:12:19 UTC 2022-09-07 04:51:26 UTC 104.18.20.226
mnemonic passive DNS ajax.aspnetcdn.com (2) 693 2012-05-24 13:35:31 UTC 2022-09-08 04:34:17 UTC 152.199.19.160
mnemonic passive DNS ajax.googleapis.com (1) 12905 2019-10-15 17:52:08 UTC 2022-09-08 02:20:20 UTC 142.250.74.10
mnemonic passive DNS geoip.enlistsecureup.com (1) 269993 2021-12-22 01:39:03 UTC 2022-09-08 00:16:45 UTC 163.171.128.172
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-08 05:16:49 UTC 143.204.55.49
mnemonic passive DNS fonts.googleapis.com (2) 8877 2014-07-21 13:19:55 UTC 2022-09-08 01:07:20 UTC 142.250.74.10
mnemonic passive DNS kit.fontawesome.com (1) 1868 2019-03-29 02:12:52 UTC 2022-09-08 05:07:49 UTC 104.18.23.52
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-07 12:21:16 UTC 34.120.237.76
mnemonic passive DNS www.arkdcz.com (1) 767397 2021-10-26 21:03:57 UTC 2022-09-06 23:17:08 UTC 34.149.6.227
mnemonic passive DNS dngsnl.com (4) 0 2022-02-10 12:26:02 UTC 2022-09-08 03:07:20 UTC 207.120.33.45 Unknown ranking
mnemonic passive DNS flirtyhoookup.com (1) 0 2020-03-26 11:26:33 UTC 2022-09-07 23:39:06 UTC 104.21.52.165 Unknown ranking
mnemonic passive DNS bam.nr-data.net (2) 630 2015-02-10 00:06:27 UTC 2022-09-07 04:54:29 UTC 162.247.241.14
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-08 05:13:30 UTC 143.204.55.36
mnemonic passive DNS ocsp.digicert.com (2) 86 2012-05-21 07:02:23 UTC 2022-09-08 06:16:46 UTC 93.184.220.29
mnemonic passive DNS cartining-specute.com (1) 0 2021-01-31 23:37:43 UTC 2022-09-08 03:06:14 UTC 18.197.36.77 Unknown ranking
mnemonic passive DNS country.gameops.tech (1) 775443 2020-11-21 16:18:30 UTC 2022-09-06 23:17:09 UTC 172.67.136.190
mnemonic passive DNS ka-p.fontawesome.com (3) 4489 2019-12-16 20:35:53 UTC 2022-09-08 05:21:27 UTC 104.18.23.52
mnemonic passive DNS c2.applicationgrabb.com (2) 0 2014-05-22 12:37:01 UTC 2022-09-06 19:27:19 UTC 74.206.228.78 Unknown ranking
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-08 04:47:56 UTC 34.117.237.239
mnemonic passive DNS balor-ghn.com (3) 0 2022-08-26 15:31:19 UTC 2022-09-08 05:32:55 UTC 52.45.156.125 Unknown ranking
mnemonic passive DNS ocsp.starfieldtech.com (2) 6616 2012-06-22 18:08:50 UTC 2022-09-08 06:19:09 UTC 192.124.249.22
mnemonic passive DNS go.cyberslut2069.com (14) 0 2021-04-25 00:45:34 UTC 2022-09-07 15:33:41 UTC 54.230.111.7 Unknown ranking


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 173.239.5.6

Date UQ / IDS / BL URL IP
2022-12-05 01:08:45 +0000 0 - 0 - 4 www.spdoodles.com/ 173.239.5.6
2022-12-02 01:52:59 +0000 0 - 0 - 2 uk.userwww.pcukhgdn8yr.firedmeupppzs.com/557 173.239.5.6
2022-12-02 01:34:33 +0000 0 - 0 - 6 moivepk.a5zhukao.com/jdd 173.239.5.6
2022-12-01 10:55:29 +0000 0 - 0 - 3 ozangurer.net/ 173.239.5.6
2022-12-01 01:38:54 +0000 0 - 0 - 5 m.facebook.com-rd-2276807052.mserv01.com/ 173.239.5.6

Last 5 reports on ASN: WEBAIR-INTERNET

Date UQ / IDS / BL URL IP
2022-12-05 19:51:39 +0000 0 - 0 - 5 www.ozangurer.net/ 74.206.228.78
2022-12-05 16:58:45 +0000 0 - 0 - 3 discoversams.com/optiext/optiextension.dll?id (...) 173.239.8.164
2022-12-05 11:47:26 +0000 0 - 0 - 2 go.redanemone.xyz/redirect?feed=465513&url=t2 (...) 198.134.116.30
2022-12-05 10:02:12 +0000 0 - 0 - 1 virusalert3d.com/VirusAlert3D.dmg.zip 74.206.228.78
2022-12-05 01:08:45 +0000 0 - 0 - 4 www.spdoodles.com/ 173.239.5.6

Last 5 reports on domain: applicationgrabb.com

Date UQ / IDS / BL URL IP
2022-11-12 23:10:04 +0000 1 - 0 - 1 c1.applicationgrabb.com/?step_id=1&installer_ (...) 173.239.8.164
2022-11-08 09:56:29 +0000 0 - 0 - 4 c1.applicationgrabb.com/?step_id=1&installer_ (...) 173.239.5.6
2022-11-08 04:37:13 +0000 0 - 0 - 3 c1.applicationgrabb.com/?step_id=1&installer_ (...) 74.206.228.78
2022-11-08 04:07:07 +0000 0 - 0 - 3 c1.applicationgrabb.com/?step_id=1&installer_ (...) 74.206.228.78
2022-11-06 13:29:43 +0000 0 - 0 - 3 c1.applicationgrabb.com/?step_id=1&installer_ (...) 173.239.8.164

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-12-05 03:12:12 +0000 0 - 0 - 5 patio.brandonrfriedman.com/ 67.227.226.240
2022-12-05 01:15:05 +0000 0 - 0 - 5 mvyj.yy.wy5532.com/ 185.107.56.197
2022-12-04 02:34:47 +0000 0 - 0 - 4 deoseasr.org/acc/acc0unt/acc0unt/news/1474430 (...) 67.227.226.240
2022-12-04 01:00:03 +0000 0 - 0 - 5 indianbrachytherapy.org/ 67.227.226.240
2022-12-03 02:54:31 +0000 0 - 0 - 5 jhwwqsud.gov.wy5532.com/ 185.107.56.197


JavaScript

Executed Scripts (28)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (72)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Thu, 08 Sep 2022 07:03:06 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2XmZa1XCjTZi5EMxilJI6k-Mjurtk_jxfws7XAKE5GaUmBLnJ_5FfQ==
Age: 1197


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            GET /?step_id=1&installer_id=6498386953510671845&publisher_id=2628&source_id=0&page_id=0&affiliate_id=0&country_code=RU&locale=EN&browser_id=1&download_id=3154629473801215087&external_id=0&session_id=2635383633526612256&hardware_id=16216420101906140514&ig=&installer=&_file_name=Pok%C3%83%EF%BF%BD%C3%82%EF%BF%BD%C3%83%EF%BF%BD%C3%82%C2%A9mon+Platin+Edition&product;_name=Pok%C3%83%EF%BF%BD%C3%82%EF%BF%BD%C3%83%EF%BF%BD%C3%82%C2%A9mon+Platin+Edition&q;=Pok%C3%83%EF%BF%BD%C3%82%EF%BF%BD%C3%83%EF%BF%BD%25&q;=Pok%C3%83%EF%BF%BD%C3%82%EF%BF%BD%C3%83%EF%BF%BD%C3%82%C2%A9mon+Platin+Editi&i;&ignore_downloader=1&ignore_downloader=1&ignore_downloader=1&filesize=&product_name=Your+File HTTP/1.1 
Host: c2.applicationgrabb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         74.206.228.78
HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
                                        
Server: nginx/1.18.0
Date: Thu, 08 Sep 2022 07:23:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   251
Md5:    8af508c68367fa252150433d59391636
Sha1:   ef0db24a657b533ba77ab3f5cf112663b9ce4599
Sha256: b7537f7e96b8d2fbb56a69c57570f5b02e42aeb15e4a77987be33377076d5651
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16139
Expires: Thu, 08 Sep 2022 11:52:02 GMT
Date: Thu, 08 Sep 2022 07:23:03 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Thu, 08 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 4cbwsXdXFDv2xqcX_cJb2z7IvtbMZ0av5ykqPqoV_c43HqDzFd303A==
age: 12989
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Thu, 08 Sep 2022 07:23:03 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: c2.applicationgrabb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://c2.applicationgrabb.com/?step_id=1&installer_id=6498386953510671845&publisher_id=2628&source_id=0&page_id=0&affiliate_id=0&country_code=RU&locale=EN&browser_id=1&download_id=3154629473801215087&external_id=0&session_id=2635383633526612256&hardware_id=16216420101906140514&ig=&installer=&_file_name=Pok%C3%83%EF%BF%BD%C3%82%EF%BF%BD%C3%83%EF%BF%BD%C3%82%C2%A9mon+Platin+Edition&product;_name=Pok%C3%83%EF%BF%BD%C3%82%EF%BF%BD%C3%83%EF%BF%BD%C3%82%C2%A9mon+Platin+Edition&q;=Pok%C3%83%EF%BF%BD%C3%82%EF%BF%BD%C3%83%EF%BF%BD%25&q;=Pok%C3%83%EF%BF%BD%C3%82%EF%BF%BD%C3%83%EF%BF%BD%C3%82%C2%A9mon+Platin+Editi&i;&ignore_downloader=1&ignore_downloader=1&ignore_downloader=1&filesize=&product_name=Your+File

                                         
                                         74.206.228.78
HTTP/1.1 404 Not Found
Content-Type: text/html
                                        
Server: nginx/1.18.0
Date: Thu, 08 Sep 2022 07:23:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   114
Md5:    021ffd3b4e081732edb9f2fa096e8ef2
Sha1:   4b0c71d74bf395719f8f91e4903609e37b513046
Sha256: 71dc6b3c545761e64c88967c0f8005939255df258bf60e122b238095d0c9659c
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Thu, 08 Sep 2022 06:38:18 GMT
Cache-Control: max-age=3600
Expires: Thu, 08 Sep 2022 07:16:15 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ZnvsHfNsuuQ9R5_fcJMOnACkm9SkN214Wq3UkCFTfxVjUjWlXYVIsw==
Age: 2686


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2399
Cache-Control: 'max-age=158059'
Date: Thu, 08 Sep 2022 07:23:04 GMT
Last-Modified: Thu, 08 Sep 2022 06:43:05 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9DxMJ+DTwx1BnDxMOwR/Qg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.42.74.230
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DVCd26YHHCZI7PsKjyMqAZA4hcU=

                                        
                                            POST / HTTP/1.1 
Host: applicationgrabb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 12
Origin: http://c2.applicationgrabb.com
Connection: keep-alive
Referer: http://c2.applicationgrabb.com/
Upgrade-Insecure-Requests: 1

                                         
                                         173.239.5.6
HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
                                        
Server: nginx/1.20.1
Date: Thu, 08 Sep 2022 07:23:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: ipc=eyJ2ZXJzaW9uIjoxLCJzdWJJZCI6MywiZm9sZGVySWQiOjEsImZlZWRJZCI6NjQsInRzIjoxNjYyNjIxNzg1LCJoYXNoIjoiNTBiNjllZGQifQ==;Expires=Thu, 08-Sep-2022 08:23:05 GMT;Max-Age=3600
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   245
Md5:    38a02e90c08251f51d9989a5fa454631
Sha1:   8122cfcf8bc8992910a4678bf6c0983599627062
Sha256: e4dba8e36e310b12eda4368d84a2c3f3b735825b0d40c53db3f370d34fc9b723

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zcvisitor/13e21303-2f47-11ed-a461-1289ca541341/13946a70-a5da-11ec-9226-0a76dcc61f13?campaignid=3333e050-2de2-11ed-8859-0a918cbcbb97 HTTP/1.1 
Host: balor-ghn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://applicationgrabb.com/
Upgrade-Insecure-Requests: 1

                                         
                                         52.45.156.125
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Thu, 08 Sep 2022 07:23:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: upmUpHKj


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   996
Md5:    2dd0940fed9a64200c6ee8b964c0c09a
Sha1:   8a92480c367db39dee807f867f8c654985a667ce
Sha256: 18fcbfe320a3cd672018efa0d3122747bd89d9dabf9a07f25034a836362b4405

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /zcredirect?visitid=13e21303-2f47-11ed-a461-1289ca541341&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1 
Host: balor-ghn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balor-ghn.com/zcvisitor/13e21303-2f47-11ed-a461-1289ca541341/13946a70-a5da-11ec-9226-0a76dcc61f13?campaignid=3333e050-2de2-11ed-8859-0a918cbcbb97
Upgrade-Insecure-Requests: 1

                                         
                                         52.45.156.125
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Thu, 08 Sep 2022 07:23:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: ujazcMYG


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (354)
Size:   794
Md5:    41b73423b40ea2268e1ca84d196c0050
Sha1:   2c4c777ae846aa2c8b5982d4e49bf499deb19ebc
Sha256: 5a5c827bfaf01cea12d964da179fdca23d13ceff626634a6c9995d55ba205485
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: balor-ghn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balor-ghn.com/zcredirect?visitid=13e21303-2f47-11ed-a461-1289ca541341&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false

                                         
                                         52.45.156.125
HTTP/1.1 404
Content-Type: text/html;charset=utf-8
                                        
Date: Thu, 08 Sep 2022 07:23:05 GMT
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: upmUpHKj


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size:   653
Md5:    ba2732b1b2fa2626ffaa15f62f9e7d66
Sha1:   203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
Sha256: 879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20420
Expires: Thu, 08 Sep 2022 13:03:25 GMT
Date: Thu, 08 Sep 2022 07:23:05 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20420
Expires: Thu, 08 Sep 2022 13:03:25 GMT
Date: Thu, 08 Sep 2022 07:23:05 GMT
Connection: keep-alive

                                        
                                            GET /zp-redirect?target=https%3A%2F%2Fflirtyhoookup.com%2F%3Futm_source%3Dn19ck4pSWjZsA%26s1%3D719fbd40-273d-47b8-882f-683d1074b172%26s2%3Dwnbks70gepptfvsi2ijm8b9i&caid=2deaef68-c870-4247-a076-22d7e7f8e3ba&zpid=13e21303-2f47-11ed-a461-1289ca541341&cid=wnbks70gepptfvsi2ijm8b9i&rt=R HTTP/1.1 
Host: cartining-specute.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balor-ghn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         18.197.36.77
HTTP/2 302 Found
                                        
server: nginx
date: Thu, 08 Sep 2022 07:23:05 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://flirtyhoookup.com/?utm_source=n19ck4pSWjZsA&s1=719fbd40-273d-47b8-882f-683d1074b172&s2=wnbks70gepptfvsi2ijm8b9i
pragma: no-cache
set-cookie: cc-v4=7DYOg6ksUuuPExuxKayyovclv%2BFJs2nyQPKlEsEeS4lSnNqVlALFTu4%2FVZlq8BShzZYTzqXPI0JMdbvfF6icBzchhFawRxfO2%2Fu1kwFqRyhYkvRK270LwnPew0ES66%2BodxpPAkvilbcZZg%2B0L3a%2Fdg%3D%3D; Max-Age=31536000; Expires=Fri, 08-Sep-2023 07:23:05 GMT; Domain=cartining-specute.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20420
Expires: Thu, 08 Sep 2022 13:03:25 GMT
Date: Thu, 08 Sep 2022 07:23:05 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb315ccda-47b0-49c5-99a0-12afdd067d85.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9522
x-amzn-requestid: 7dd97483-0aec-4301-92bf-a5dd376cd573
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YE91bFWFIAMF6nw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63184355-6b56e76e5c0144050ee2d274;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 07:08:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: axvuljIk5EvKbJXAVYHwYhZEgweosZodxvbxKjIRhYm8wPHDHgrcHQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 07:10:55 GMT
age: 730
etag: "c9f6dcbe2ff27a02eb16f9feb61463db6d991e1a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9522
Md5:    4441c1068785cba072f00d2d0eb6845a
Sha1:   c9f6dcbe2ff27a02eb16f9feb61463db6d991e1a
Sha256: a64cd40f7712eca8e1b5a82551f58017da1a940aa12cd6376d1acb38a0988252
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9afa50f-5ac3-4bb1-b267-82b7fe3558d5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5395
x-amzn-requestid: 33c5a8a9-a006-40e4-b210-ad6ca29523e0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG-lnEMWIAMF8fQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63191156-7792c8dc77d1e9706466b7a7;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:47:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: MlVH5bKC2z08Ry5ZxbXQrVz4ZJp61ILwKPLyyPxgm0LBYl3HTF3u6w==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:02:08 GMT
age: 33657
etag: "ed0ed6164c756645532fd631d0ce72bc76ef6aa4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5395
Md5:    c80ab72b0027230ca932410e56e77509
Sha1:   ed0ed6164c756645532fd631d0ce72bc76ef6aa4
Sha256: 03ed42a7fb94bff45232e88d934f41889703e15934d106cd100f327f1c17d346
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2e9b3424-a7df-4a41-82c2-4baf4813509c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11464
x-amzn-requestid: 5a4d63f8-dd44-4003-bd90-4ebcdf4517e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XdbBcECroAMFrFA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63087209-22f3a6a174d32fd11f863106;Sampled=0
x-amzn-remapped-date: Fri, 26 Aug 2022 07:11:05 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hvJEdV6JLI2wSnHo_y3lhjaS0p0-tXpeedn_z3BuRuz7xfqBun_ntw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 05:58:36 GMT
age: 5069
etag: "6ca14b815e1446172a72f28f58fbbf97272a512b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11464
Md5:    fcf56e65178e3bdb802a8215b48d11f0
Sha1:   6ca14b815e1446172a72f28f58fbbf97272a512b
Sha256: 42a88966c46e9670786e171700f403805f1a278aef0edfee233afb8fd5e41e46
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F822fb287-f1f6-45a1-be54-4fa7385bb163.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11365
x-amzn-requestid: d50039cd-381c-4221-997e-9231d40ecfbb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9V0EHEoAMFeag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f58-11cab61904bd14462cd13d0d;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Qhobt81rs5gqg8hcr1Su3J3MNFt4_gR2hLHkIl5xDDS1HF9g_3ecCg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:40:35 GMT
age: 31350
etag: "6ceea057f5ae50b9cef505da0a358e3d3b7d6a38"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11365
Md5:    6f73ee4e91b38eaa36cadd4c437785f8
Sha1:   6ceea057f5ae50b9cef505da0a358e3d3b7d6a38
Sha256: 778d28e14b28c154843403470136d0efdcdd5e93e4b5aab784c12d4344e7af6f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ba17b3c-58f5-4458-8dc2-8e4a7cf8d782.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7251
x-amzn-requestid: 26b2021a-4440-47ce-8dba-d971cae60cc1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9bmHcmoAMF3Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f7d-5471edce7de2374c3b8af888;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:39:09 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: d3MrDEyDFDylQKyfxONQ12_7IBvRAg8o0rSZ64WNRGNvDHqQyDmqJA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 22:17:17 GMT
age: 32748
etag: "d6daca74fc85d39274b3c7536f34528bef93ae97"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7251
Md5:    1cd778a615e9a4ca3a25119790398434
Sha1:   d6daca74fc85d39274b3c7536f34528bef93ae97
Sha256: e6b5a7a525e314e09c30985b22da7c34806df09cbe98ad52b00dcbf93a0dc054
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffde48022-9b21-4eb3-b8b7-e4fcb208d624.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8246
x-amzn-requestid: d1a11f7f-22b7-4fc1-b33d-402e5bc3af33
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YG9TgEx4oAMF-pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63190f49-7305dd7653fe38c9445e02a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 21:38:17 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: PA6CECu22n08hUsg1usYAy2YARZu4b0C0Lb9Rfh5RCKL3m3DDEWewg==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 0800f067ff646622f3e8e507cb9b52e8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Sep 2022 21:47:05 GMT
age: 34560
etag: "7bcd0b99c0fb6d9ead1dd6878377f5a582bde20d"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8246
Md5:    036db462684c81e3906433a0d2929eb8
Sha1:   7bcd0b99c0fb6d9ead1dd6878377f5a582bde20d
Sha256: a252f30f9239f6a343b23c9d3e1d1b7460c5ee5a592d3372bf124760baa6e657
                                        
                                            GET /MSJ7L4/HX6G2NF/?sub1=418543&sub2=jWUpsmlXHxzKCXTLLVeLywmPXzNfAqxSQm HTTP/1.1 
Host: www.arkdcz.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://balor-ghn.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         34.149.6.227
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
server: nginx
date: Thu, 08 Sep 2022 07:23:07 GMT
content-length: 169
location: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=f1c27b1779234eb793cfc15dc32ecbfc&tk=MSJ7L4
set-cookie: uniqueClick_HX6G2NF=68f100dc-cc6d-42c4-a1ef-e642ee629380:1662621787; Path=/; Expires=Fri, 09 Sep 2022 07:23:07 GMT; Secure; SameSite=None transaction_id=f1c27b1779234eb793cfc15dc32ecbfc; Path=/; Expires=Wed, 07 Dec 2022 07:23:07 GMT; Secure; SameSite=None
vary: Origin
x-eflow-request-id: 93deaa3e-dbb2-4308-ad06-fa213f7c9e1e
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   169
Md5:    142d6805a384f65de55facacb5f424d4
Sha1:   6a4b21f06779380cbd917d42c11a31f82790aca8
Sha256: 39fb196743ed9015dbc1f10c0aa0bf5060832153006867306f4c4e99b8e49a5c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.starfieldtech.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         192.124.249.22
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Thu, 08 Sep 2022 07:23:07 GMT
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Sep 2022 15:22:09 GMT
Expires: Thu, 08 Sep 2022 15:22:09 GMT
ETag: "b452529f67e7ecaf3c025f87261269416083ffba"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1845
Md5:    52e5530d6b56911bace126dc5e4bf7fa
Sha1:   b452529f67e7ecaf3c025f87261269416083ffba
Sha256: 97591ffd036c31450a60208085036e6f848e085fd541fbce42c34b42eef571fc
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.156
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Thu, 08 Sep 2022 07:23:07 GMT
Server: ECS (dcb/7EEA)
X-Cache: Miss from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: SupEPJIS31AVZPFncV7rd9E3RHinFtpwpkeKRI0kiK9jQ99Ku788ig==

                                        
                                            GET /vrfttcyber/assets/images/flags/us.png HTTP/1.1 
Host: go.cyberslut2069.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=f1c27b1779234eb793cfc15dc32ecbfc&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         54.230.111.7
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 2375
last-modified: Thu, 02 Dec 2021 15:25:52 GMT
server: AmazonS3
date: Wed, 07 Sep 2022 17:23:10 GMT
etag: "a2080b2d193dbbd3cb34b32ad919da62"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: O5KGHSlCC5mB1_17BG72EM_-jNQ5Pd3apAFjkRbsAT4SnlIhuqerMw==
age: 50398
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 250 x 132, 8-bit colormap, non-interlaced\012- data
Size:   2375
Md5:    a2080b2d193dbbd3cb34b32ad919da62
Sha1:   f822886642e0388d79c8f5917b41f27efbdec94b
Sha256: 5b38ab13f52bc95184012a4b6afafa3eca7a6ac03c762515b4550b4337548ca7
                                        
                                            GET /vrfttcyber/assets/images/themes/cyber/logo/logo.png HTTP/1.1 
Host: go.cyberslut2069.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=f1c27b1779234eb793cfc15dc32ecbfc&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         54.230.111.7
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 16420
last-modified: Thu, 02 Dec 2021 15:26:11 GMT
server: AmazonS3
date: Thu, 08 Sep 2022 07:23:07 GMT
etag: "4673cfc8d2708f4ebe2f821483548ccc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 9PVMMZgrcJFbqgcvrO83UAeCrOh9XhhfOGe2NfcDVMtyPkvgp24YmQ==
age: 18154
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 637 x 156, 8-bit/color RGBA, non-interlaced\012- data
Size:   16420
Md5:    4673cfc8d2708f4ebe2f821483548ccc
Sha1:   815322d33fb4298771be6a43e14b821d365766d7
Sha256: f2cd404c754d24e0721a08f4b203d5b9853c4bd229c62f339edf1f46195b2154
                                        
                                            GET /vrfttcyber/assets/images/girls/hair01_tits01_tattoo01.png HTTP/1.1 
Host: go.cyberslut2069.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=f1c27b1779234eb793cfc15dc32ecbfc&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         54.230.111.7
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 330574
last-modified: Thu, 02 Dec 2021 15:25:53 GMT
server: AmazonS3
date: Thu, 08 Sep 2022 07:23:07 GMT
etag: "8d7069ee14a82c9f9139a5d08882497a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: mpx2KFNwvzFY2Y9Vn88IvPOB8nU_MxwYGEiQFddQjZJEF1Ia-Z32aw==
age: 3767
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 790 x 1600, 8-bit colormap, non-interlaced\012- data
Size:   330574
Md5:    8d7069ee14a82c9f9139a5d08882497a
Sha1:   0310dd9990c5888f8d51b4defa3ca78ce820b3e2
Sha256: 933adcdf66e29312523119f0f868488a25e92a5b05e0443c961ca80aaeb42a9f
                                        
                                            GET /vrfttcyber/assets/images/beyblade.gif HTTP/1.1 
Host: go.cyberslut2069.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=f1c27b1779234eb793cfc15dc32ecbfc&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         54.230.111.7
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 36298
last-modified: Thu, 02 Dec 2021 15:25:35 GMT
server: AmazonS3
date: Thu, 08 Sep 2022 07:23:07 GMT
etag: "93a41ee339dd621452c6aa4054e8eca8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OjpBoeZ34yhCjARE6kG5bGYDi8bZSwQcnROB_tSzsBN-ZEG5JDKeGw==
age: 12099
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 200 x 200\012- data
Size:   36298
Md5:    93a41ee339dd621452c6aa4054e8eca8
Sha1:   a1f75cc251cbe7291cefd06fd91b4c35b6c93612
Sha256: 0ea3f03b9e168629659c281ec66fd5a82d36d7b6fd644381c18ecad41e62a5a3
                                        
                                            GET /vrfttcyber/assets/images/box.png HTTP/1.1 
Host: go.cyberslut2069.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=f1c27b1779234eb793cfc15dc32ecbfc&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         54.230.111.7
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 13243
last-modified: Thu, 02 Dec 2021 15:25:35 GMT
server: AmazonS3
date: Thu, 08 Sep 2022 07:23:07 GMT
etag: "0fcc2772acc897c48dae5c6f52093388"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4ExQi3TT3Zz83C5PuA2XcKzcBz6U051CAukRkgVZUslBSROK-jDs2w==
age: 15250
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 747 x 644, 8-bit/color RGBA, non-interlaced\012- data
Size:   13243
Md5:    0fcc2772acc897c48dae5c6f52093388
Sha1:   c8a80e850168e1fd7b761327dd460054e7451d8e
Sha256: e73f3a488ee9e68ff4484df002b38a200aee2170617bb0746e05c7f992135805
                                        
                                            GET /vrfttcyber/assets/images/themes/cyber/background/bkg.jpg HTTP/1.1 
Host: go.cyberslut2069.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=f1c27b1779234eb793cfc15dc32ecbfc&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         54.230.111.7
HTTP/2 200 OK
content-type: image/jpeg
                                        
content-length: 13989
last-modified: Thu, 02 Dec 2021 15:26:08 GMT
server: AmazonS3
date: Thu, 08 Sep 2022 07:23:07 GMT
etag: "d5dabdf9d18c947ea72fe90f8c39e31e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2xSqOCiupVUfjm1GAZaPh_TBQFMAUtsv3U-1Jcfv-ycVSD-45D1dRQ==
age: 23446
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Compressed by jpeg-recompress", progressive, precision 8, 1920x1081, components 3\012- data
Size:   13989
Md5:    d5dabdf9d18c947ea72fe90f8c39e31e
Sha1:   33a5e90f4a59072ab4b3d73204fff01d6a08a0f8
Sha256: d940cab6f0a1fe6a425596757ac2a10b89fb4311acfd34aba2f075c0e2338f09
                                        
                                            GET /bundle.js HTTP/1.1 
Host: landers.of-bo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.155.108
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Thu, 08 Sep 2022 07:23:07 GMT
x-amz-id-2: E1iZQsAhGg3SjYuTzzcBGkhQtszxLD0aCyYnpV0H/N6wLcUlGLBdyO4Sc6M4P/KQrNMAcRotfEA=
x-amz-request-id: YGXAS2QERW7Z6X0K
last-modified: Tue, 09 Aug 2022 22:05:52 GMT
etag: W/"2f68fb7cd74453a748e232155e853e64"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4171
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FaLwOU%2FKtVOTS%2FVksM%2FBM8DhiCGe5iHwECJVEBSUh8u2CX%2FtmDcYk1TSiudRdAPwjMNv1Ezah%2B4AD7LvcbnTxqjJBuWU25A10mQCfOHO1YkLQ9AP4uFYz5ZB8aDfQEFUiwgctw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7475efddeb12b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (2014)
Size:   19280
Md5:    3babf5cde318c9fecf71b095917826ac
Sha1:   fc9acf9e1366bae19af069584c67625699e33bff
Sha256: a8a38baf66b623c8779eb659f3c28f0848a270fe1f040dc8409cfbd02754c81a
                                        
                                            GET /vrfttcyber/assets/images/browsers/firefox.png HTTP/1.1 
Host: go.cyberslut2069.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=f1c27b1779234eb793cfc15dc32ecbfc&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         54.230.111.7
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 127454
last-modified: Thu, 02 Dec 2021 15:25:36 GMT
server: AmazonS3
date: Wed, 07 Sep 2022 14:26:17 GMT
etag: "ff5982c71adc3b6a987a2192b6008949"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KxG5MGeRDttm80_UJEjgPOb3YCtkhTUqFxOo0-Y5Er1ijGoFZ39pmw==
age: 61011
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size:   127454
Md5:    ff5982c71adc3b6a987a2192b6008949
Sha1:   c2819962300bfa4db9dd7ee6f22e35ea910a3808
Sha256: 612ec2b0a5a9d4b3841189d8c4af98509df5ac48eeea5ab1945dfd0e1eab78b3
                                        
                                            GET /vrfttcyber/assets/sounds/general/click1.mp3 HTTP/1.1 
Host: go.cyberslut2069.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=f1c27b1779234eb793cfc15dc32ecbfc&tk=MSJ7L4
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         54.230.111.7
HTTP/2 206 Partial Content
content-type: application/octet-stream
                                        
content-length: 16635
last-modified: Thu, 02 Dec 2021 15:26:03 GMT
server: AmazonS3
date: Thu, 08 Sep 2022 07:23:07 GMT
etag: "4838176bcd52d9b69d6d48c1870ca579"
vary: Accept-Encoding
content-range: bytes 0-16634/16635
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Es7kY2jEdNMrtoRSoMc4zjIgwsrZhfyFig12XYvqyIcoIY0Gnf6lEw==
age: 17904
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Audio file with ID3 version 2.2.0, contains: MPEG ADTS, layer III, v1, 160 kbps, 44.1 kHz, JntStereo\012- data
Size:   16635
Md5:    4838176bcd52d9b69d6d48c1870ca579
Sha1:   5a0892ccae91806a9695c5be1f2752e122608d8e
Sha256: 781bb8d577f6448612e8fa861dfa39d64a2e5961c17a58c79ef4bcdf4131847b
                                        
                                            GET /vrfttcyber/assets/locale/style/en.css HTTP/1.1 
Host: go.cyberslut2069.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=f1c27b1779234eb793cfc15dc32ecbfc&tk=MSJ7L4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         54.230.111.7
HTTP/2 200 OK
content-type: text/css
                                        
content-length: 192
last-modified: Thu, 02 Dec 2021 15:25:59 GMT
server: AmazonS3
date: Thu, 08 Sep 2022 07:23:07 GMT
etag: "9749fa77c9872329d27a73ea48c2d4c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: douwvvydvjANCHN3pbJhdwRkhjbPkh5UZOPLfQxuFLCJARlObRuQgg==
age: 11751
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   192
Md5:    9749fa77c9872329d27a73ea48c2d4c0
Sha1:   4cb73328ffbb21a8f4588d512c9cdffa11232f8d
Sha256: e75fb29290acb854de53014f67a449f915d8ea8ab263cd6ba8a0bc72023a5c8b
                                        
                                            GET /vrfttcyber/assets/sounds/general/click2.mp3 HTTP/1.1 
Host: go.cyberslut2069.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=f1c27b1779234eb793cfc15dc32ecbfc&tk=MSJ7L4
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         54.230.111.7
HTTP/2 206 Partial Content
content-type: application/octet-stream
                                        
content-length: 15590
last-modified: Thu, 02 Dec 2021 15:26:03 GMT
server: AmazonS3
date: Thu, 08 Sep 2022 07:23:07 GMT
etag: "2694fd6fc680f77dcf1ae58d9b8ba926"
vary: Accept-Encoding
content-range: bytes 0-15589/15590
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YK1081kWRzH-ee1XZWQvyHArVZvyhBpEggKC6vpdb6mIN3KfkTe9dw==
age: 8686
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Audio file with ID3 version 2.2.0, contains: MPEG ADTS, layer III, v1, 160 kbps, 44.1 kHz, JntStereo\012- data
Size:   15590
Md5:    2694fd6fc680f77dcf1ae58d9b8ba926
Sha1:   6016e8fb7136ec769fbe6d120c7c97d390922564
Sha256: 4266071bbd14949a438e1d9a958cac2f0b128963b6f6e9fa96b005ed8e718f9e
                                        
                                            GET /vrfttcyber/assets/images/flags/no.png HTTP/1.1 
Host: go.cyberslut2069.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=f1c27b1779234eb793cfc15dc32ecbfc&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         54.230.111.7
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 414
last-modified: Thu, 02 Dec 2021 15:25:47 GMT
server: AmazonS3
date: Thu, 08 Sep 2022 07:23:08 GMT
etag: "55946900ad615ec4b62748677444f5b7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GSZRh349uZMm2xTsYZI5l4sXDsGdmvJRHPfIRMoxmlb3quVlxJtRTA==
age: 38784
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 250 x 182, 8-bit colormap, non-interlaced\012- data
Size:   414
Md5:    55946900ad615ec4b62748677444f5b7
Sha1:   8a0f25e081a3266ef7f8ab939417d5c7d48a09d7
Sha256: c82386961fded0d9947ad3320b7ff4c066eea989d082b6409a0815ce0f9a6eb5
                                        
                                            GET /vrfttcyber/assets/images/themes/cyber/favicon/favicon.png HTTP/1.1 
Host: go.cyberslut2069.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=f1c27b1779234eb793cfc15dc32ecbfc&tk=MSJ7L4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         54.230.111.7
HTTP/2 200 OK
content-type: image/png
                                        
content-length: 1421
last-modified: Thu, 02 Dec 2021 15:26:08 GMT
server: AmazonS3
date: Thu, 08 Sep 2022 04:05:32 GMT
etag: "93a7efbb00d5e8f3bd556d7b9efb658e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: m02zNwSQaMdj9fhe5VRUvnZy0Twc1ch152SmjzkpA-SonsU3i9tfIQ==
age: 11857
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   1421
Md5:    93a7efbb00d5e8f3bd556d7b9efb658e
Sha1:   fd6578509d9557cebe3e37fee5ae16dc25b09711
Sha256: 3274036fdc55ac82651c2146f211e508703e5ae97875c722e8b3694df636cd9d
                                        
                                            POST / HTTP/1.1 
Host: ocsp.starfieldtech.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         192.124.249.22
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: Sucuri/Cloudproxy
Date: Thu, 08 Sep 2022 07:23:08 GMT
Content-Length: 1845
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 07 Sep 2022 15:22:09 GMT
Expires: Thu, 08 Sep 2022 15:22:09 GMT
ETag: "b452529f67e7ecaf3c025f87261269416083ffba"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"


--- Additional Info ---
Magic:  data
Size:   1845
Md5:    52e5530d6b56911bace126dc5e4bf7fa
Sha1:   b452529f67e7ecaf3c025f87261269416083ffba
Sha256: 97591ffd036c31450a60208085036e6f848e085fd541fbce42c34b42eef571fc
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         143.204.42.156
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Thu, 08 Sep 2022 07:23:08 GMT
Server: ECS (dcb/7EEB)
X-Cache: Miss from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GxrtEDzCKLprFEVJiwsZeIO5fUj7jYnlaqhJUayuUjFPiVQUA1uFsw==

                                        
                                            POST /gsalphasha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Sep 2022 07:23:09 GMT
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 12 Sep 2022 06:18:59 GMT
ETag: "e24d78d1154399d1d660f5c987086d738e43a6db"
Last-Modified: Thu, 08 Sep 2022 06:19:00 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7475efe71ae50b06-OSL


--- Additional Info ---
Magic:  data
Size:   1423
Md5:    4c5293e67e97d1127b90d81b60de8e04
Sha1:   e24d78d1154399d1d660f5c987086d738e43a6db
Sha256: b175c6ac3a93077aa7bd23f98b954fcc9d7cd9e1e628f07b428e74d869c608a0
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "24ABC98E1ADB5E1E69A5D670F9A043D9D7A6BD75F920F460B96DDD675DD779C3"
Last-Modified: Mon, 05 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Thu, 08 Sep 2022 13:23:09 GMT
Date: Thu, 08 Sep 2022 07:23:09 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3923
Cache-Control: 'max-age=158059'
Date: Thu, 08 Sep 2022 07:23:10 GMT
Last-Modified: Thu, 08 Sep 2022 06:17:48 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /ajax/bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1 
Host: ajax.aspnetcdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dngsnl.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         152.199.19.160
HTTP/2 200 OK
content-type: text/css
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 7348526
cache-control: public,max-age=31536000
date: Thu, 08 Sep 2022 07:23:10 GMT
etag: "0e914f2cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:10:18 GMT
server: ECAcc (ska/F740)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19629
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65371)
Size:   19629
Md5:    7e2bb6028f0b19917a1a2d1944fc72b1
Sha1:   e1837fc75ee2ddd24c6e1df6b309ea212b57e681
Sha256: cc6093bd7162882fd34252fb5d3e8e7d07247e3b70fad894320bf2a960abeda5
                                        
                                            GET /ajax/bootstrap/3.3.7/bootstrap.min.js HTTP/1.1 
Host: ajax.aspnetcdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dngsnl.com
Connection: keep-alive
Referer: https://dngsnl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         152.199.19.160
HTTP/2 200 OK
content-type: application/javascript
                                        
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 4254335
cache-control: public,max-age=31536000
date: Thu, 08 Sep 2022 07:23:10 GMT
etag: "80bdc1e6cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:09:59 GMT
server: ECAcc (ska/F6C5)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9839
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32033)
Size:   9839
Md5:    432ca07a1a844dbb27f9e0ab0d468be5
Sha1:   7fdaf858d702f84536a515c675b4028ce2eb0cfa
Sha256: 12732099d21835fabf83a93eec52f7cf1847cd64a0572d18917b2e13b06d5cf0
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Sep 2022 07:23:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Sep 2022 07:23:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Sep 2022 07:23:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dngsnl.com
Connection: keep-alive
Referer: https://dngsnl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 15:53:22 GMT
expires: Wed, 06 Sep 2023 15:53:22 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 142188
last-modified: Mon, 13 May 2019 14:37:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   30774
Md5:    81182f4b684635f6bdcbdd907ee66f25
Sha1:   a1f2f151df72ede41397c8131bd47a3ce85575b3
Sha256: be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396
                                        
                                            GET /common_tpls/compactML/css/epcjfgacs2.css HTTP/1.1 
Host: dngsnl.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dngsnl.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47266-13493.415.f1c27b1779234eb793cfc15dc32ecbfc&epcCID=U6r9McLbSeOf7am1n8I0i4d8zcteU81fe&rtid=0790360357
Cookie: PHPSESSID=cf7442318adbc55baf86e7449f0f75d1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         207.120.33.45
HTTP/2 200 OK
content-type: text/css
                                        
date: Thu, 08 Sep 2022 07:23:10 GMT
content-length: 8861
last-modified: Thu, 15 Jul 2021 14:50:13 GMT
etag: W/"60f04b25-bac6"
content-encoding: gzip
section-io-cache-id: 119df72864c333ddec850acdd58a387e
vary: Accept-Encoding
x-varnish: 20984574 20881413
age: 6206
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 37d09fcda0ca48ce5bb8681edcab1011
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   8861
Md5:    8baefa9235356383901af17857ab60c7
Sha1:   6281517070ee798472613658703156ac35c07ae4
Sha256: 3f25245183ea47e8d4b9846dd1a0412b463ae4290f4dc9650723ba9219bd82e3
                                        
                                            GET /common_tpls/images/icons/email.png HTTP/1.1 
Host: dngsnl.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dngsnl.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47266-13493.415.f1c27b1779234eb793cfc15dc32ecbfc&epcCID=U6r9McLbSeOf7am1n8I0i4d8zcteU81fe&rtid=0790360357
Cookie: PHPSESSID=cf7442318adbc55baf86e7449f0f75d1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         207.120.33.45
HTTP/2 200 OK
content-type: image/png
                                        
date: Thu, 08 Sep 2022 07:23:10 GMT
content-length: 1254
last-modified: Mon, 21 Aug 2017 19:32:08 GMT
etag: "599b3538-4e6"
section-io-cache-id: d8134d36579b15f024467b0fe0d23b24
x-varnish: 21302891 21201362
age: 8405
via: 1.1 varnish (Varnish/7.0)
accept-ranges: bytes
section-io-cache: Hit
section-io-id: 9101e94a2f807ba15291f683049b54f4
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size:   1254
Md5:    a86d99b9176d82a211cfa29b2f0b353f
Sha1:   62947ddfd87e3a21869818885e4bfa4e55ad0c11
Sha256: f8e82194c97e2a11a8c77fcd55d1ded51a1943b78eefac8475890f665dc620f1
                                        
                                            GET /?utm_source=n19ck4pSWjZsA&s1=719fbd40-273d-47b8-882f-683d1074b172&s2=wnbks70gepptfvsi2ijm8b9i HTTP/1.1 
Host: flirtyhoookup.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://balor-ghn.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         104.21.52.165
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
date: Thu, 08 Sep 2022 07:23:06 GMT
location: https://www.arkdcz.com/MSJ7L4/HX6G2NF/?sub1=418543&sub2=jWUpsmlXHxzKCXTLLVeLywmPXzNfAqxSQm
cache-control: max-age=0, private, must-revalidate
cross-origin-window-policy: deny
set-cookie: k=SFMyNTY.g3QAAAAEbQAAAARhdW5xdAAAAAFtAAAABTMxNTQ4bQAAAApwemJaT3JPenhwbQAAAANoaWRtAAAAImpXVXBzbWxYSHh6S0NYVExMVmVMeXdtUFh6TmZBcXhTUW1tAAAAAmhsZAADbmlsbQAAAAN1bnFtAAAADG5taEpQRURFUVhDTw.RDfABOFB5mWkkV-XDkIBzqSCj1ihkfsyo5l73QouXGA; path=/; expires=Fri, 08 Sep 2023 07:23:06 GMT; max-age=31536000
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VK9k%2FAJHs0Skp1sBbumT13g3Yw4TkUvjtTJphNm%2FBHksKhZ5wU%2FwI0IqS8sX587LaZ%2BpR0UC8Il980NONESU%2FyNW4hAkGgwkn7MP7WWzJk9nRvWIkWWQA3tIxBAaIo3Oe3wI%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7475efd24debb529-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   24875
Md5:    70b42a61eb533b4cf11e4424962a9b28
Sha1:   bbbc5d8e9af8b7039c71cc1c7a5a00814012ff56
Sha256: f07cb8c3eabf67360bb73ea898f8a14a99a1bf6546678dcf34d0e1d6a5aba501
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Sep 2022 07:23:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Thu, 08 Sep 2022 07:23:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /releases/v5.15.4/css/pro.min.css?token=b314bdf1b3 HTTP/1.1 
Host: ka-p.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dngsnl.com/
Origin: https://dngsnl.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.18.23.52
HTTP/2 200 OK
content-type: text/css
                                        
date: Thu, 08 Sep 2022 07:23:10 GMT
content-length: 54194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-d3b2"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 565289
accept-ranges: bytes
server: cloudflare
cf-ray: 7475efeeeae40b06-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65397)
Size:   54194
Md5:    dc9270247a97f75913a5d8934c24de03
Sha1:   ed9b0fa01b552571f99d529ed355b2ba91cfc48d
Sha256: 847cc3ab1ea736cbbaac34833596335471fc7a888089b501b3c83a323566f0b8
                                        
                                            GET /releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3 HTTP/1.1 
Host: ka-p.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dngsnl.com/
Origin: https://dngsnl.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.18.23.52
HTTP/2 200 OK
content-type: text/css
                                        
date: Thu, 08 Sep 2022 07:23:10 GMT
content-length: 4194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-1062"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 565289
accept-ranges: bytes
server: cloudflare
cf-ray: 7475efeeeae60b06-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (26366)
Size:   4194
Md5:    7fd743485fa194e25e2a207bff6c258a
Sha1:   97c999d752b95ee1ed6271a29aa58109dc17281e
Sha256: dd939d69a23f003d49287291f0bcb59df58119d60bc5f14a81cbfd957894f6dc
                                        
                                            GET /releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3 HTTP/1.1 
Host: ka-p.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dngsnl.com/
Origin: https://dngsnl.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.18.23.52
HTTP/2 200 OK
content-type: text/css
                                        
date: Thu, 08 Sep 2022 07:23:10 GMT
content-length: 2603
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-a2b"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 565289
accept-ranges: bytes
server: cloudflare
cf-ray: 7475efeeeae70b06-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (27832)
Size:   2603
Md5:    eaaabd3f60063923cd5333eb1d7a20a1
Sha1:   0da69706105e28896a1f6eeaa91d5bec1b82f7f1
Sha256: f863309ec0ac675409167610ff9776fa9c7620d6ee3592cc0c19d0b883ff2f70
                                        
                                            GET /vrfttcyber/assets/sounds/general/music.mp3 HTTP/1.1 
Host: go.cyberslut2069.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://go.cyberslut2069.com/vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=f1c27b1779234eb793cfc15dc32ecbfc&tk=MSJ7L4
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         54.230.111.7
HTTP/2 206 Partial Content
content-type: application/octet-stream
                                        
content-length: 3165435
last-modified: Thu, 02 Dec 2021 15:26:05 GMT
server: AmazonS3
date: Thu, 08 Sep 2022 07:23:07 GMT
etag: "8482f7c1977139c5f5bbb2af66e88e01"
vary: Accept-Encoding
content-range: bytes 0-3165434/3165435
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: p9LHF6VaJzM7t_46vVLKWNqw_zUfKhpiE7l-PYqCL8u6wLZYw1IgBQ==
age: 11596
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Audio file with ID3 version 2.2.0, contains: MPEG ADTS, layer III, v1, 160 kbps, 44.1 kHz, JntStereo\012- data
Size:   3086549
Md5:    f13d3007d63d27f0c02c89b1d2ca3462
Sha1:   21e56ce2a2e4956764a63084bb60d29dd84f04d0
Sha256: 370712a98a2b3ef331a311a359e0f207333d9edc08c3ddc2db4e36a8a7b2e57f
                                        
                                            GET /nr-spa-1216.min.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dngsnl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: TAwVDFAylU9PwNPPW/eXC4UyIMC8EQ1d6JNW9Q+uXGnPmL1fuimq9M3lAe733gCMeKNDiCQX1YM=
x-amz-request-id: SYTECJR5CMD8NJ8E
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "63e2df852d15ab21d7ff8fc4363222e8"
x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Thu, 08 Sep 2022 07:23:10 GMT
via: 1.1 varnish
x-served-by: cache-bma1625-BMA
x-cache: HIT
x-cache-hits: 2464
x-timer: S1662621791.951489,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 18216
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32010)
Size:   18216
Md5:    6561a2403142205f966207d61576f1a6
Sha1:   1310e72f494e12ab63a4280fc1600a2c89dc9bb8
Sha256: 0e496fcab0b9120938373e271fa6631b7da17adf33f8a490637467c170a3e37a
                                        
                                            GET /signup/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47266-13493.415.f1c27b1779234eb793cfc15dc32ecbfc HTTP/1.1 
Host: fstlgin.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://go.cyberslut2069.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         163.171.140.79
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Thu, 08 Sep 2022 07:23:09 GMT
server: PWS/8.3.1.0.8
set-cookie: PHPSESSID=9b3bf21971fc0f5a7d84c10b4bf1a296; path=/; secure; SameSite=None
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
expires: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
location: https://dngsnl.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47266-13493.415.f1c27b1779234eb793cfc15dc32ecbfc&epcCID=U6r9McLbSeOf7am1n8I0i4d8zcteU81fe&rtid=0790360357
via: 1.1 PSmglsjLAX2hu177:8 (W), 1.1 PShlamstdAMS1cc96:17 (W)
x-px: ms PShlamstdAMS1cc96AMS,ms PSmglsjLAX2hu177LAX(origin)
x-ws-request-id: 6319985d_PShlamstdAMS1se91_38168-41211
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, max speed, from Unix\012- data
Size:   17131
Md5:    798a09bf4546ae1f3a9707b62652642b
Sha1:   104df41f061cbfcd73fa66c7bac5e0259df6c996
Sha256: beb2e6c434504068eaa84e927494bf0daf814b3bf91f76f3c520dc67843da083
                                        
                                            GET /1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1216.487a282&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=3074&ck=1&ref=https://dngsnl.com/acct/epc68088/add/&ap=90&be=2466&fe=2976&dc=2972&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1662621780504,%22n%22:0,%22f%22:1623,%22dn%22:1625,%22dne%22:1649,%22c%22:1649,%22s%22:1755,%22ce%22:2020,%22rq%22:2020,%22rp%22:2356,%22rpe%22:2356,%22dl%22:2361,%22di%22:2968,%22ds%22:2972,%22de%22:2974,%22dc%22:2974,%22l%22:2974,%22le%22:2978%7D,%22navigation%22:%7B%7D%7D&at=HxVQQAsaG0Q%3D&jsonp=NREUM.setToken HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dngsnl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Thu, 08 Sep 2022 07:23:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7475eff27e5c1c02-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=f7182c5efe28cec1; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   72
Md5:    107d93e382e2c9b00fbf9fb0edc65d86
Sha1:   77e750e3ebf9706f4f6dd253785602d70be17c6c
Sha256: a1ee50b689ea433a0acdccbf4ee4629e9ea3f9c4bcdd21effb334359a2f9e937
                                        
                                            POST /events/1/NRJS-53a3e8e5a523894a2ee?a=936088839&v=1216.487a282&to=M1JTNkMACEoAVRcNDAoYZBBYTg9XBVMbShMMRw%3D%3D&rst=3395&ck=1&ref=https://dngsnl.com/acct/epc68088/add/ HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
Content-Length: 675
Origin: https://dngsnl.com
Connection: keep-alive
Referer: https://dngsnl.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 08 Sep 2022 07:23:11 GMT
Content-Length: 24
Connection: keep-alive
CF-Ray: 7475eff3af801c02-OSL
Access-Control-Allow-Origin: https://dngsnl.com
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Vary: Accept-Encoding
Server: cloudflare


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   24
Md5:    bc32ed98d624acb4008f986349a20d26
Sha1:   2d3df8c11d2168ce2c27e0937421d11d85016361
Sha256: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
                                        
                                            GET /ep.php/prmagms:71475/68088:415.f1c27b1779234eb793cfc15dc32ecbfc HTTP/1.1 
Host: www.fst-ent-lnk.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         54.200.116.57
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Thu, 08 Sep 2022 07:23:08 GMT
location: https://fstlgin.com/signup/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47266-13493.415.f1c27b1779234eb793cfc15dc32ecbfc
set-cookie: AWSALB=4wNShHcN7h4+6DmInPD/K8pX6YD4RNA1XE7hAcPIhQlBOc9U5VXCpaw913Le/QdPORAC4oK8bNpidRZDdGmlZgRQxKi2fjYm/dIzedZ52/taF/RqSYzUJ9FK6JtQ; Expires=Thu, 15 Sep 2022 07:23:08 GMT; Path=/
set-cookie: AWSALBCORS=4wNShHcN7h4+6DmInPD/K8pX6YD4RNA1XE7hAcPIhQlBOc9U5VXCpaw913Le/QdPORAC4oK8bNpidRZDdGmlZgRQxKi2fjYm/dIzedZ52/taF/RqSYzUJ9FK6JtQ; Expires=Thu, 15 Sep 2022 07:23:08 GMT; Path=/; SameSite=None; Secure
set-cookie: vip_id=68088.47266-13493; expires=Sun, 11-Sep-2022 07:23:08 GMT; Max-Age=259200; path=/
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /b314bdf1b3.js HTTP/1.1 
Host: kit.fontawesome.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dngsnl.com
Connection: keep-alive
Referer: https://dngsnl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.23.52
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Thu, 08 Sep 2022 07:23:10 GMT
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: FxDOkOaSbBI2tu8RsiEC
cf-cache-status: HIT
server: cloudflare
cf-ray: 7475efee19fb0b06-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /icon?family=Material+Icons HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dngsnl.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Sep 2022 07:23:10 GMT
date: Thu, 08 Sep 2022 07:23:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /?v=1 HTTP/1.1 
Host: geoip.enlistsecureup.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dngsnl.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         163.171.128.172
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Thu, 08 Sep 2022 07:23:10 GMT
server: waf/4.31.15-0.el6
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-via: 1.1 PS-DFW-01gGZ147:7 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1bc200:14 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1je97:15 (Cdn Cache Server V2.0)
x-ws-request-id: 6319985e_PSdgflkfFRA1gi91_35937-24827
set-cookie: HMF_CI=5ca57e9d57c0a0ca1f6bd7fa761b31ce96b694f2427230e694a2174903f44a66cd1b881dcb0de3888671c6300bf77e0c3e7a615a406f860372a7e9f1acac6887ac; Expires=Sat, 08-Oct-22 07:23:10 GMT; Path=/
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /vrfttcyber/?bi=pw&sd=1&fk=cyber&ai=68088&ca=415&ci=f1c27b1779234eb793cfc15dc32ecbfc&tk=MSJ7L4 HTTP/1.1 
Host: go.cyberslut2069.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://balor-ghn.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/2 200 OK
content-type: text/html
                                        
last-modified: Thu, 23 Dec 2021 16:52:18 GMT
server: AmazonS3
content-encoding: gzip
date: Wed, 07 Sep 2022 22:57:20 GMT
etag: W/"0d1c30819e500f4f596aa3421773d64f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3axbS6BidjvdxLfRHZTEV2Vc2fIkFIFH_xvq9_qiTAYjrGULpr6AEA==
age: 30348
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /geoip/country?callback=window.gapwn.get_country HTTP/1.1 
Host: country.gameops.tech
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.cyberslut2069.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.136.190
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
date: Thu, 08 Sep 2022 07:23:08 GMT
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
x-content-type-options: nosniff
etag: W/"20d-sKpKw8KGhimKVxiVkhkJPWK187k"
via: 1.1 varnish
age: 785
x-served-by: cache-bma1673-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1662621788.115199,VS0,VE1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AwZDY1Fe20KI10vkTJl8FhvAK64ermA7jFh4v9%2FiqdIiSI22zxuo1JLTUzhYr0L5WvrwFgiKrTw9rQNuIyOH8YjoT5N03OQjGZDPd0z5eGcc32PZZLpaC2td5gs6jh0rKqhG5Z2w7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7475efdf98ca0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /common_tpls/js/form_support.js?v=1516308712 HTTP/1.1 
Host: dngsnl.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dngsnl.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47266-13493.415.f1c27b1779234eb793cfc15dc32ecbfc&epcCID=U6r9McLbSeOf7am1n8I0i4d8zcteU81fe&rtid=0790360357
Cookie: PHPSESSID=cf7442318adbc55baf86e7449f0f75d1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         207.120.33.45
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Thu, 08 Sep 2022 07:23:10 GMT
vary: Accept-Encoding
last-modified: Tue, 19 Jan 2021 00:12:19 GMT
etag: W/"600623e3-3d1"
section-io-cache-id: 53eb667fc111ba2b52d539fabf4ff4dc
x-varnish: 21302890 20209244
age: 8700
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: a87e51d3e3bc77e8d0320327c0c311bb
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css2?family=Poppins:wght@300;400;600&display=swap HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dngsnl.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 08 Sep 2022 07:23:10 GMT
date: Thu, 08 Sep 2022 07:23:10 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /common_tpls/js/validate_form_v2.js?jsv=25 HTTP/1.1 
Host: dngsnl.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dngsnl.com/acct/epc68088/add/?epcVIP=48.1066.g90&lang=en&email=&password=&ci_qcksub=1&act=epc68088.47266-13493.415.f1c27b1779234eb793cfc15dc32ecbfc&epcCID=U6r9McLbSeOf7am1n8I0i4d8zcteU81fe&rtid=0790360357
Cookie: PHPSESSID=cf7442318adbc55baf86e7449f0f75d1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         207.120.33.45
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Thu, 08 Sep 2022 07:23:10 GMT
vary: Accept-Encoding
last-modified: Wed, 27 Jul 2022 20:38:47 GMT
etag: W/"62e1a257-5a7b"
section-io-cache-id: a0e74c39c13459b91a331fc4a928b135
x-varnish: 20984575 20244596
age: 8555
via: 1.1 varnish (Varnish/7.0)
section-io-cache: Hit
content-encoding: gzip
section-io-id: 6107db3c1a0c4afaf3c9d5117153591e
X-Firefox-Spdy: h2


--- Additional Info ---