2818w.reminews.com/dannig/common-adult-player/index.html
45.133.44.20 200 OK 4.3 kB URL HTTP/1.1 2818w.reminews.com/dannig/common-adult-player/index.html
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash b1bf1c02ff7cdc2c1552b5a17a50af85
4f3cc8a7b283f6df1e508b14a1b38f443033be9d
632c7683485838cb206b5a57f97e49e7d940c6005efca755662df1969dcc3d8f
Analyzer Verdict Alert fortinet Malware
GET /dannig/common-adult-player/index.html HTTP/1.1
Host: 2818w.reminews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 19:37:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 4263
Connection: keep-alive
Server: nginx/1.16.1
Last-Modified: Wed, 22 Dec 2021 15:36:27 GMT
Etag: b1bf1c02ff7cdc2c1552b5a17a50af85
X-Timestamp: 1640187386.05190
X-Trans-Id: tx6dd882d30daa4bc2a5477-0061c43778
X-Openstack-Request-Id: tx6dd882d30daa4bc2a5477-0061c43778
Cache-Control: max-age=172800
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
Access-Control-Allow-Headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
Access-Control-Expose-Headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
Expires: Tue, 04 Oct 2022 19:37:13 GMT
Vary: Accept-Encoding
X-Proxy-Cache: HIT
Accept-Ranges: bytes
firefox.settings.services.mozilla.com/v1/
18.165.201.17 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 18.165.201.17:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 02 Oct 2022 19:03:14 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 835f3c9e7c3bc0e7766edf13dac581de.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: E3wGwQSL5OrinQ_8_hPHLSWaKYBC7wxsHC97jSPGtLqmOsmdbC-2Zw==
Age: 2040
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 60e4edea7b5f4d19f3547a3bb2d5df57
3ee076bab4da3416c2c5808f730cb316c28baef7
763e2dadfdd286a51327cd2000ca335e30cd0b9b7267875d22ca33f7556ba200
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7163
Expires: Sun, 02 Oct 2022 21:36:37 GMT
Date: Sun, 02 Oct 2022 19:37:14 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
108.156.28.51 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 108.156.28.51:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 02 Oct 2022 03:33:17 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 81dd58fce895623c177df225d0a65d52.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: HDMTSYbpPZIoIczP8x0A0O3_iuDGPJ5LNhwKa0__KLWXZNxDiqSEpQ==
age: 57838
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 19:37:14 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 18fb513b47c07da3476abfa41c367d9e
09d513393e1a899f28d3c4620185523138eece82
378d88063f5c621703246cfa80d08b20e0dd83dbfd093084bca80d444ca59c39
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 19:37:14 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 18:31:27 GMT
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Etag: "09d513393e1a899f28d3c4620185523138eece82"
Cache-Control: max-age=341051,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753fe438b9420b59-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 18fb513b47c07da3476abfa41c367d9e
09d513393e1a899f28d3c4620185523138eece82
378d88063f5c621703246cfa80d08b20e0dd83dbfd093084bca80d444ca59c39
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 19:37:14 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 18:31:27 GMT
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Etag: "09d513393e1a899f28d3c4620185523138eece82"
Cache-Control: max-age=341051,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753fe438bde0fab8-OSL
321.selornews.com/dannig/common-adult-player/img/logo.png
45.133.44.20 200 OK 7.2 kB URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/logo.png
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 298 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fa0c2649b56a64bf24ec059fd49b982
802c9d794cc845927439ce8a3077975199015ebb
a513d2e457125cd443461746199793cd61f2e4511a9acfcda504f70b5000c774
GET /dannig/common-adult-player/img/logo.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://2818w.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:14 GMT
content-type: image/png
content-length: 7171
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:44 GMT
etag: 9fa0c2649b56a64bf24ec059fd49b982
x-timestamp: 1606159423.58541
x-trans-id: tx2d11e631a979497483925-0061c43777
x-openstack-request-id: tx2d11e631a979497483925-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:14 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/pics-4.jpg
45.133.44.20 200 OK 9.7 kB URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/pics-4.jpg
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data\012- data
Hash bb74abbad9688a711d5c26b38a9836e3
8bec5939654c02d7b800c66547e1aa778c2d438c
3fb9e79f5a0a5fe0f0d466b9d715562c6abeed5b2b32dc4b9673b80494137dbe
GET /dannig/common-adult-player/img/pics-4.jpg HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://2818w.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:14 GMT
content-type: image/jpeg
content-length: 9707
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:45 GMT
etag: bb74abbad9688a711d5c26b38a9836e3
x-timestamp: 1606159424.12202
x-trans-id: tx2568c43dab48428daab33-0061c4377a
x-openstack-request-id: tx2568c43dab48428daab33-0061c4377a
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:14 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/burger.png
45.133.44.20 200 OK 295 B URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/burger.png
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 56 x 50, 8-bit gray+alpha, non-interlaced\012- data
Hash fdea660170d6a7330b24d167c2c3d1d6
c95db01c09abcd2c3b3375ea2baa1443d1473af0
415ba400194f72a1511c8cd22b4bfe13acfeebbf3e9ff958d1e39cbb738d07c8
GET /dannig/common-adult-player/img/burger.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://2818w.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:14 GMT
content-type: image/png
content-length: 295
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:50 GMT
etag: fdea660170d6a7330b24d167c2c3d1d6
x-timestamp: 1606159429.21363
x-trans-id: tx19062f4261c14fc1b52b8-0061c43777
x-openstack-request-id: tx19062f4261c14fc1b52b8-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:14 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/search-icon.png
45.133.44.20 200 OK 516 B URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/search-icon.png
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 56 x 50, 8-bit gray+alpha, non-interlaced\012- data
Hash 34123928575ef4cf3df12db2fa095e99
8d5873549768bcbf278e04c6baf6404c2971b07b
0ff5216f552496405eca9c9449f77dd8a913bce909fa9ae8662cb85969f96272
GET /dannig/common-adult-player/img/search-icon.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://2818w.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:14 GMT
content-type: image/png
content-length: 516
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:50 GMT
etag: 34123928575ef4cf3df12db2fa095e99
x-timestamp: 1606159429.90293
x-trans-id: txf8c0cb13a9ab43bda419c-0061c43779
x-openstack-request-id: txf8c0cb13a9ab43bda419c-0061c43779
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:14 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/btn-icon.png
45.133.44.20 200 OK 395 B URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/btn-icon.png
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 52 x 56, 8-bit gray+alpha, non-interlaced\012- data
Hash 06f18f63c3036edde4e88c1d5f200104
33c1e2780dc0a6f595afc2d87ed438ccb3d8922b
005e42b95bb1fef26b792467deeba4e0aeadc51bb9726d20dc301c1c80d99d2d
GET /dannig/common-adult-player/img/btn-icon.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://2818w.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:14 GMT
content-type: image/png
content-length: 395
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:44 GMT
etag: 06f18f63c3036edde4e88c1d5f200104
x-timestamp: 1606159423.53964
x-trans-id: tx38a031f303324d22a20d6-0061c43777
x-openstack-request-id: tx38a031f303324d22a20d6-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:14 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/player-ui-l.png
45.133.44.20 200 OK 663 B URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/player-ui-l.png
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 144 x 100, 8-bit gray+alpha, non-interlaced\012- data
Hash 5159265d4e4ecc1bfa2e8b028fc0534d
443e7f825760d81906a5c1a4ca660e0385b435fe
46a01582282a1e9326a84e445ba3da470e059b5d091d326e45271b698d6d62a1
GET /dannig/common-adult-player/img/player-ui-l.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://2818w.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:14 GMT
content-type: image/png
content-length: 663
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:45 GMT
etag: 5159265d4e4ecc1bfa2e8b028fc0534d
x-timestamp: 1606159424.13124
x-trans-id: txb315f345fc71448a869ee-0061c43777
x-openstack-request-id: txb315f345fc71448a869ee-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:14 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/views.png
45.133.44.20 200 OK 461 B URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/views.png
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 32 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ad8de150ced2f4ab8828c02c23ab95c
b7620db8dc0ef0075c79de9c0f3409d292413b80
efb233df0a528dd04d7b9725ad679738f043478ced654fe0e9a9b59b205d447b
GET /dannig/common-adult-player/img/views.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://2818w.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:14 GMT
content-type: image/png
content-length: 461
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:50 GMT
etag: 0ad8de150ced2f4ab8828c02c23ab95c
x-timestamp: 1606159429.98953
x-trans-id: tx35d0f61c3329414bb13fa-0061c43777
x-openstack-request-id: tx35d0f61c3329414bb13fa-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:14 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/player-ui-r.png
45.133.44.20 200 OK 1.1 kB URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/player-ui-r.png
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 226 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 74174fa53d52a184fa0a586f988f0d94
6fc2f64667c7cfabd7ae7a2409d20de7a501d9a3
4e0fbe743a42b8a641daec0745e3a80e22ed9df424b7e0e0c852ba27b9b409d3
GET /dannig/common-adult-player/img/player-ui-r.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://2818w.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:14 GMT
content-type: image/png
content-length: 1118
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:45 GMT
etag: 74174fa53d52a184fa0a586f988f0d94
x-timestamp: 1606159424.19318
x-trans-id: txe8ee6a71a7464855aa3b6-0061c43777
x-openstack-request-id: txe8ee6a71a7464855aa3b6-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:14 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
2818.selornews.com/dannig/common-adult-player/css/style.css
45.133.44.20 200 OK 22 kB URL HTTP/2 2818.selornews.com/dannig/common-adult-player/css/style.css
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (2400)
Hash 526b5851d4063923ccfbe471143f0932
2b9f3bc80dd94e6d68d642bf68a5cc0d39085b9e
6ac4c4456c0595d52dfd20d83cd869c60dd1eeeead30b078f65d7d2dc1f33f4c
GET /dannig/common-adult-player/css/style.css HTTP/1.1
Host: 2818.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://2818w.reminews.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:14 GMT
content-type: text/css
content-length: 21671
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:32:35 GMT
etag: 526b5851d4063923ccfbe471143f0932
x-timestamp: 1606159954.45209
x-trans-id: tx84e0b3c37f0341fd96458-0061c43777
x-openstack-request-id: tx84e0b3c37f0341fd96458-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:14 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/pics-1.jpg
45.133.44.20 200 OK 9.4 kB URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/pics-1.jpg
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data\012- data
Hash 0fdbe8ac7fda89d3ed4d0845d4f86384
b14ff199e53771631d302442b22ecdd1867c88e4
733eb3487f5a82cdb71eda01d36247bf57ad107ee3be967d6561fa7f2f78664e
GET /dannig/common-adult-player/img/pics-1.jpg HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://2818w.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:14 GMT
content-type: image/jpeg
content-length: 9415
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:44 GMT
etag: 0fdbe8ac7fda89d3ed4d0845d4f86384
x-timestamp: 1606159423.61753
x-trans-id: tx25849c12f23b4793943c3-0061c43777
x-openstack-request-id: tx25849c12f23b4793943c3-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:14 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/stars.png
45.133.44.20 200 OK 589 B URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/stars.png
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 169 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 586e70ae8cf2f823dc7876917d90be92
33d61043ae53a9377ad37bfd5b84c73f770c4105
894bcd381abf4e10bbbe8802a7c52396d8b6b73cdf9d2837caf8f6a0d7aea707
GET /dannig/common-adult-player/img/stars.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://2818w.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:14 GMT
content-type: image/png
content-length: 589
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:45 GMT
etag: 586e70ae8cf2f823dc7876917d90be92
x-timestamp: 1606159424.28164
x-trans-id: txdbf1c414646f4bc2b9451-0061c43777
x-openstack-request-id: txdbf1c414646f4bc2b9451-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:14 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/pics-3.jpg
45.133.44.20 200 OK 9.2 kB URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/pics-3.jpg
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data\012- data
Hash 5f69e27fa1a7f979ca9e375da09d24dc
22699243d1b2bb1da09e8db42cb4f7cdccb71820
d775a68996acfd4e425c30b5ecb82549361b9f18fadea8509c312b4f420d3634
GET /dannig/common-adult-player/img/pics-3.jpg HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://2818w.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:14 GMT
content-type: image/jpeg
content-length: 9158
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:50 GMT
etag: 5f69e27fa1a7f979ca9e375da09d24dc
x-timestamp: 1606159429.34062
x-trans-id: txabf4c3b989ff475692ba4-0061c43777
x-openstack-request-id: txabf4c3b989ff475692ba4-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:14 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/pics-2.jpg
45.133.44.20 200 OK 6.0 kB URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/pics-2.jpg
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data\012- data
Hash 7ca024e2ee360dee3a5ed409d8694295
55ac5fb299e34092ec8323e8f32cba0f33fd4105
0e6b67b963746ceeb4785fe5041806aca4d98a6fce7a2585240d25e32b5fe999
GET /dannig/common-adult-player/img/pics-2.jpg HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://2818w.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:14 GMT
content-type: image/jpeg
content-length: 5972
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:44 GMT
etag: 7ca024e2ee360dee3a5ed409d8694295
x-timestamp: 1606159423.64221
x-trans-id: txed1d93609ca148e9b6af5-0061c4377a
x-openstack-request-id: txed1d93609ca148e9b6af5-0061c4377a
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:14 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 18fb513b47c07da3476abfa41c367d9e
09d513393e1a899f28d3c4620185523138eece82
378d88063f5c621703246cfa80d08b20e0dd83dbfd093084bca80d444ca59c39
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 19:37:14 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 18:31:27 GMT
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Etag: "09d513393e1a899f28d3c4620185523138eece82"
Cache-Control: max-age=341051,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753fe438bd17b4e8-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 18fb513b47c07da3476abfa41c367d9e
09d513393e1a899f28d3c4620185523138eece82
378d88063f5c621703246cfa80d08b20e0dd83dbfd093084bca80d444ca59c39
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 19:37:14 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 18:31:27 GMT
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Etag: "09d513393e1a899f28d3c4620185523138eece82"
Cache-Control: max-age=341051,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753fe438bfb11c02-OSL
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
18.165.201.17 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 18.165.201.17:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Cache-Control, Alert, Last-Modified, Backoff, Retry-After, Expires, Content-Length, Pragma, ETag
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Sun, 02 Oct 2022 19:32:53 GMT
Expires: Sun, 02 Oct 2022 19:44:56 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 02dcbe051a75d060274d188948821dcc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P3
X-Amz-Cf-Id: BdZwbq76uxMqyWUvq83HVbyKgTi5JwtiGwZz4Ug7gnW0ISG2qgM_Dw==
Age: 261
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 18fb513b47c07da3476abfa41c367d9e
09d513393e1a899f28d3c4620185523138eece82
378d88063f5c621703246cfa80d08b20e0dd83dbfd093084bca80d444ca59c39
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 19:37:14 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 18:31:27 GMT
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Etag: "09d513393e1a899f28d3c4620185523138eece82"
Cache-Control: max-age=341051,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753fe438bcb8b509-OSL
2818.selornews.com/script.js?slug=common-adult-player
45.133.44.20 200 OK 6.4 kB URL HTTP/2 2818.selornews.com/script.js?slug=common-adult-player
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type C source, ASCII text, with very long lines (349)
Hash 87ed65e4f6ca32b7320cfd6ef7134079
cd4d768c712dba07bf4d94be9ee2a77c4021ad44
808c9a6b91e4ee90a02147d0103af8148ed2dac8932ef766274b5c2b43cbe34c
GET /script.js?slug=common-adult-player HTTP/1.1
Host: 2818.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://2818w.reminews.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 6400
server: nginx/1.16.1
last-modified: Fri, 17 Jun 2022 14:53:17 GMT
etag: 87ed65e4f6ca32b7320cfd6ef7134079
x-timestamp: 1655477596.31301
cache-control: max-age=172800
x-trans-id: tx4895d4d89d9c49979dfc5-0062ac9591
x-openstack-request-id: tx4895d4d89d9c49979dfc5-0062ac9591
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Tue, 04 Oct 2022 19:37:14 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4eb30b4a4234809cf7d5f89fa1f6ceeb
797242aab2f13c820050aa9accd11b7b950cd177
ce9d833a0ac321a908184b655d6632c481f758a04a9c936a7c303bb253444146
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6514
Cache-Control: max-age=137884
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 19:37:14 GMT
Etag: "63394694-1d7"
Expires: Tue, 04 Oct 2022 09:55:18 GMT
Last-Modified: Sun, 02 Oct 2022 08:06:44 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 8d8153f39d98d17506e5c9121556fe89
55ff0e243607152bd8529d45e7e7e50d34875c24
b4d648348542e8e5587c47405d7442ac6398016d25e54852718e7f66c4e24b06
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 19:37:14 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 01 Oct 2022 11:43:36 GMT
Expires: Sat, 08 Oct 2022 11:43:35 GMT
Etag: "55ff0e243607152bd8529d45e7e7e50d34875c24"
Cache-Control: max-age=489380,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753fe43c6ee50b59-OSL
4815.reminews.com/common-adult-player/index.html?var=null&ymid=null&rc=1&mrc=0&fsc=0&zoneid=0&tburl=null&tbz=1762378
45.133.44.20 200 OK 4.3 kB URL HTTP/2 4815.reminews.com/common-adult-player/index.html?var=null&ymid=null&rc=1&mrc=0&fsc=0&zoneid=0&tburl=null&tbz=1762378
IP 45.133.44.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash ec8ade6e16e7f72f2ef4c1e4df97d8e5
f503808072a96f59944d1bd6b9d2ec67561057e6
dc391410e12fd14b262beb4436338bc988df29983960e40a71b23c62b09fc372
GET /common-adult-player/index.html?var=null&ymid=null&rc=1&mrc=0&fsc=0&zoneid=0&tburl=null&tbz=1762378 HTTP/1.1
Host: 4815.reminews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://2818w.reminews.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: text/html; charset=utf-8
content-length: 4256
server: nginx/1.16.1
last-modified: Wed, 22 Dec 2021 15:19:04 GMT
etag: ec8ade6e16e7f72f2ef4c1e4df97d8e5
x-timestamp: 1640186343.78856
x-trans-id: tx535145afd10048d8b0b5b-0061c43776
x-openstack-request-id: tx535145afd10048d8b0b5b-0061c43776
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:15 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.38.146.2 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.146.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bB8tUpAvs+QqdesRQnujxQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xZVOT3aWAByPbfdzby9LfO7VICs=
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 18fb513b47c07da3476abfa41c367d9e
09d513393e1a899f28d3c4620185523138eece82
378d88063f5c621703246cfa80d08b20e0dd83dbfd093084bca80d444ca59c39
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 19:37:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 18:31:27 GMT
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Etag: "09d513393e1a899f28d3c4620185523138eece82"
Cache-Control: max-age=341050,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753fe43d889d0b59-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 18fb513b47c07da3476abfa41c367d9e
09d513393e1a899f28d3c4620185523138eece82
378d88063f5c621703246cfa80d08b20e0dd83dbfd093084bca80d444ca59c39
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 19:37:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 18:31:27 GMT
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Etag: "09d513393e1a899f28d3c4620185523138eece82"
Cache-Control: max-age=341050,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753fe43d9c49b4e8-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 18fb513b47c07da3476abfa41c367d9e
09d513393e1a899f28d3c4620185523138eece82
378d88063f5c621703246cfa80d08b20e0dd83dbfd093084bca80d444ca59c39
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 19:37:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 18:31:27 GMT
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Etag: "09d513393e1a899f28d3c4620185523138eece82"
Cache-Control: max-age=341050,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753fe43d9e631c02-OSL
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 18fb513b47c07da3476abfa41c367d9e
09d513393e1a899f28d3c4620185523138eece82
378d88063f5c621703246cfa80d08b20e0dd83dbfd093084bca80d444ca59c39
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 19:37:15 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 18:31:27 GMT
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Etag: "09d513393e1a899f28d3c4620185523138eece82"
Cache-Control: max-age=341050,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753fe43d9cd4b509-OSL
2818.selornews.com/script.js?slug=common-adult-player
45.133.44.21 200 OK 6.4 kB URL HTTP/2 2818.selornews.com/script.js?slug=common-adult-player
IP 45.133.44.21:0
ASN #39572 DataWeb Global Group B.V.
File type C source, ASCII text, with very long lines (349)
Hash 87ed65e4f6ca32b7320cfd6ef7134079
cd4d768c712dba07bf4d94be9ee2a77c4021ad44
808c9a6b91e4ee90a02147d0103af8148ed2dac8932ef766274b5c2b43cbe34c
GET /script.js?slug=common-adult-player HTTP/1.1
Host: 2818.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4815.reminews.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 6400
server: nginx/1.16.1
last-modified: Fri, 17 Jun 2022 14:53:17 GMT
etag: 87ed65e4f6ca32b7320cfd6ef7134079
x-timestamp: 1655477596.31301
cache-control: max-age=172800
x-trans-id: tx4895d4d89d9c49979dfc5-0062ac9591
x-openstack-request-id: tx4895d4d89d9c49979dfc5-0062ac9591
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
expires: Tue, 04 Oct 2022 19:37:15 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/pics-2.jpg
45.133.44.21 200 OK 6.0 kB URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/pics-2.jpg
IP 45.133.44.21:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data\012- data
Hash 7ca024e2ee360dee3a5ed409d8694295
55ac5fb299e34092ec8323e8f32cba0f33fd4105
0e6b67b963746ceeb4785fe5041806aca4d98a6fce7a2585240d25e32b5fe999
GET /dannig/common-adult-player/img/pics-2.jpg HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4815.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: image/jpeg
content-length: 5972
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:44 GMT
etag: 7ca024e2ee360dee3a5ed409d8694295
x-timestamp: 1606159423.64221
x-trans-id: txed1d93609ca148e9b6af5-0061c4377a
x-openstack-request-id: txed1d93609ca148e9b6af5-0061c4377a
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:15 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/logo.png
45.133.44.21 200 OK 7.2 kB URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/logo.png
IP 45.133.44.21:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 298 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fa0c2649b56a64bf24ec059fd49b982
802c9d794cc845927439ce8a3077975199015ebb
a513d2e457125cd443461746199793cd61f2e4511a9acfcda504f70b5000c774
GET /dannig/common-adult-player/img/logo.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4815.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: image/png
content-length: 7171
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:44 GMT
etag: 9fa0c2649b56a64bf24ec059fd49b982
x-timestamp: 1606159423.58541
x-trans-id: tx2d11e631a979497483925-0061c43777
x-openstack-request-id: tx2d11e631a979497483925-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:15 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/pics-4.jpg
45.133.44.21 200 OK 9.7 kB URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/pics-4.jpg
IP 45.133.44.21:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data\012- data
Hash bb74abbad9688a711d5c26b38a9836e3
8bec5939654c02d7b800c66547e1aa778c2d438c
3fb9e79f5a0a5fe0f0d466b9d715562c6abeed5b2b32dc4b9673b80494137dbe
GET /dannig/common-adult-player/img/pics-4.jpg HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4815.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: image/jpeg
content-length: 9707
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:45 GMT
etag: bb74abbad9688a711d5c26b38a9836e3
x-timestamp: 1606159424.12202
x-trans-id: tx2568c43dab48428daab33-0061c4377a
x-openstack-request-id: tx2568c43dab48428daab33-0061c4377a
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:15 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/burger.png
45.133.44.21 200 OK 295 B URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/burger.png
IP 45.133.44.21:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 56 x 50, 8-bit gray+alpha, non-interlaced\012- data
Hash fdea660170d6a7330b24d167c2c3d1d6
c95db01c09abcd2c3b3375ea2baa1443d1473af0
415ba400194f72a1511c8cd22b4bfe13acfeebbf3e9ff958d1e39cbb738d07c8
GET /dannig/common-adult-player/img/burger.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4815.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: image/png
content-length: 295
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:50 GMT
etag: fdea660170d6a7330b24d167c2c3d1d6
x-timestamp: 1606159429.21363
x-trans-id: tx19062f4261c14fc1b52b8-0061c43777
x-openstack-request-id: tx19062f4261c14fc1b52b8-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:15 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/search-icon.png
45.133.44.21 200 OK 516 B URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/search-icon.png
IP 45.133.44.21:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 56 x 50, 8-bit gray+alpha, non-interlaced\012- data
Hash 34123928575ef4cf3df12db2fa095e99
8d5873549768bcbf278e04c6baf6404c2971b07b
0ff5216f552496405eca9c9449f77dd8a913bce909fa9ae8662cb85969f96272
GET /dannig/common-adult-player/img/search-icon.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4815.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: image/png
content-length: 516
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:50 GMT
etag: 34123928575ef4cf3df12db2fa095e99
x-timestamp: 1606159429.90293
x-trans-id: txf8c0cb13a9ab43bda419c-0061c43779
x-openstack-request-id: txf8c0cb13a9ab43bda419c-0061c43779
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:15 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/btn-icon.png
45.133.44.21 200 OK 395 B URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/btn-icon.png
IP 45.133.44.21:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 52 x 56, 8-bit gray+alpha, non-interlaced\012- data
Hash 06f18f63c3036edde4e88c1d5f200104
33c1e2780dc0a6f595afc2d87ed438ccb3d8922b
005e42b95bb1fef26b792467deeba4e0aeadc51bb9726d20dc301c1c80d99d2d
GET /dannig/common-adult-player/img/btn-icon.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4815.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: image/png
content-length: 395
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:44 GMT
etag: 06f18f63c3036edde4e88c1d5f200104
x-timestamp: 1606159423.53964
x-trans-id: tx38a031f303324d22a20d6-0061c43777
x-openstack-request-id: tx38a031f303324d22a20d6-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:15 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/player-ui-l.png
45.133.44.21 200 OK 663 B URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/player-ui-l.png
IP 45.133.44.21:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 144 x 100, 8-bit gray+alpha, non-interlaced\012- data
Hash 5159265d4e4ecc1bfa2e8b028fc0534d
443e7f825760d81906a5c1a4ca660e0385b435fe
46a01582282a1e9326a84e445ba3da470e059b5d091d326e45271b698d6d62a1
GET /dannig/common-adult-player/img/player-ui-l.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4815.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: image/png
content-length: 663
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:45 GMT
etag: 5159265d4e4ecc1bfa2e8b028fc0534d
x-timestamp: 1606159424.13124
x-trans-id: txb315f345fc71448a869ee-0061c43777
x-openstack-request-id: txb315f345fc71448a869ee-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:15 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/views.png
45.133.44.21 200 OK 461 B URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/views.png
IP 45.133.44.21:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 32 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ad8de150ced2f4ab8828c02c23ab95c
b7620db8dc0ef0075c79de9c0f3409d292413b80
efb233df0a528dd04d7b9725ad679738f043478ced654fe0e9a9b59b205d447b
GET /dannig/common-adult-player/img/views.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4815.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: image/png
content-length: 461
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:50 GMT
etag: 0ad8de150ced2f4ab8828c02c23ab95c
x-timestamp: 1606159429.98953
x-trans-id: tx35d0f61c3329414bb13fa-0061c43777
x-openstack-request-id: tx35d0f61c3329414bb13fa-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:15 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/player-ui-r.png
45.133.44.21 200 OK 1.1 kB URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/player-ui-r.png
IP 45.133.44.21:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 226 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 74174fa53d52a184fa0a586f988f0d94
6fc2f64667c7cfabd7ae7a2409d20de7a501d9a3
4e0fbe743a42b8a641daec0745e3a80e22ed9df424b7e0e0c852ba27b9b409d3
GET /dannig/common-adult-player/img/player-ui-r.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4815.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: image/png
content-length: 1118
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:45 GMT
etag: 74174fa53d52a184fa0a586f988f0d94
x-timestamp: 1606159424.19318
x-trans-id: txe8ee6a71a7464855aa3b6-0061c43777
x-openstack-request-id: txe8ee6a71a7464855aa3b6-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:15 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/pics-1.jpg
45.133.44.21 200 OK 9.4 kB URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/pics-1.jpg
IP 45.133.44.21:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data\012- data
Hash 0fdbe8ac7fda89d3ed4d0845d4f86384
b14ff199e53771631d302442b22ecdd1867c88e4
733eb3487f5a82cdb71eda01d36247bf57ad107ee3be967d6561fa7f2f78664e
GET /dannig/common-adult-player/img/pics-1.jpg HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4815.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: image/jpeg
content-length: 9415
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:44 GMT
etag: 0fdbe8ac7fda89d3ed4d0845d4f86384
x-timestamp: 1606159423.61753
x-trans-id: tx25849c12f23b4793943c3-0061c43777
x-openstack-request-id: tx25849c12f23b4793943c3-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:15 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/stars.png
45.133.44.21 200 OK 589 B URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/stars.png
IP 45.133.44.21:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 169 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 586e70ae8cf2f823dc7876917d90be92
33d61043ae53a9377ad37bfd5b84c73f770c4105
894bcd381abf4e10bbbe8802a7c52396d8b6b73cdf9d2837caf8f6a0d7aea707
GET /dannig/common-adult-player/img/stars.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4815.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: image/png
content-length: 589
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:45 GMT
etag: 586e70ae8cf2f823dc7876917d90be92
x-timestamp: 1606159424.28164
x-trans-id: txdbf1c414646f4bc2b9451-0061c43777
x-openstack-request-id: txdbf1c414646f4bc2b9451-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:15 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
jenonaw.com/dupa.gif?z=1762378&var=null&pb=785f1fae110aa6e5cb1642780e3555361664746635&psp=qJxwp3pffwxqiUN5AYtvxfXYI53RkNs7Ll5i2K6wWh8hkbNUfgow8sRQ8Ur-e77vp2UDRJl1L73LzWSEr9gt5iIafbK9g3rFEEHtK3VjKVcELMfkvViKiDtVu8HD-u4nvYYaq7D9Ina2veGG8RjHhzcroukHMXvtdJVDMnUY35p355MeNbE-gYiSghilGB8-s-3SmNKeSNc4DVL942fpZtgrieEKAgRPGbA3WgdTSrbu2UVKpNTi49jLG_480q7a5buSlw6qSr17I6Tgb_lPOrjq_1euWCucEdT0ubLX-9fHsVYaxnOH7CVfNGLimbIFaVmLHsPQAf6iSbmVu-75XjM_iFMFehqtBYjoAtC9k01ETCbJYfZ7huNy84GuQhKNS3W9L8n8H69FCokzsyN9BXOBlno2aPCUrXofor7jWqkoBRebbmdGBHGULi-qsbU1SMpsZtfRy1nzWZFU8_kODOrU8iBm7w-F1UbEKG7HMXFrfQ6OLqhIBWskQyUmEREFN_liakHtROqNUxb3g1By0c6s-kz7mnp0fsUNUROlEtU=&abvar=0&pload=41&rlp=%5B0%2C0%2C0%2C0%2C0%2C0%2C24%2C0%5D
62.122.171.6200 OK 43 B URL HTTP/2 jenonaw.com/dupa.gif?z=1762378&var=null&pb=785f1fae110aa6e5cb1642780e3555361664746635&psp=qJxwp3pffwxqiUN5AYtvxfXYI53RkNs7Ll5i2K6wWh8hkbNUfgow8sRQ8Ur-e77vp2UDRJl1L73LzWSEr9gt5iIafbK9g3rFEEHtK3VjKVcELMfkvViKiDtVu8HD-u4nvYYaq7D9Ina2veGG8RjHhzcroukHMXvtdJVDMnUY35p355MeNbE-gYiSghilGB8-s-3SmNKeSNc4DVL942fpZtgrieEKAgRPGbA3WgdTSrbu2UVKpNTi49jLG_480q7a5buSlw6qSr17I6Tgb_lPOrjq_1euWCucEdT0ubLX-9fHsVYaxnOH7CVfNGLimbIFaVmLHsPQAf6iSbmVu-75XjM_iFMFehqtBYjoAtC9k01ETCbJYfZ7huNy84GuQhKNS3W9L8n8H69FCokzsyN9BXOBlno2aPCUrXofor7jWqkoBRebbmdGBHGULi-qsbU1SMpsZtfRy1nzWZFU8_kODOrU8iBm7w-F1UbEKG7HMXFrfQ6OLqhIBWskQyUmEREFN_liakHtROqNUxb3g1By0c6s-kz7mnp0fsUNUROlEtU=&abvar=0&pload=41&rlp=%5B0%2C0%2C0%2C0%2C0%2C0%2C24%2C0%5D
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
Analyzer Verdict Alert quad9 Sinkholed
POST /dupa.gif?z=1762378&var=null&pb=785f1fae110aa6e5cb1642780e3555361664746635&psp=qJxwp3pffwxqiUN5AYtvxfXYI53RkNs7Ll5i2K6wWh8hkbNUfgow8sRQ8Ur-e77vp2UDRJl1L73LzWSEr9gt5iIafbK9g3rFEEHtK3VjKVcELMfkvViKiDtVu8HD-u4nvYYaq7D9Ina2veGG8RjHhzcroukHMXvtdJVDMnUY35p355MeNbE-gYiSghilGB8-s-3SmNKeSNc4DVL942fpZtgrieEKAgRPGbA3WgdTSrbu2UVKpNTi49jLG_480q7a5buSlw6qSr17I6Tgb_lPOrjq_1euWCucEdT0ubLX-9fHsVYaxnOH7CVfNGLimbIFaVmLHsPQAf6iSbmVu-75XjM_iFMFehqtBYjoAtC9k01ETCbJYfZ7huNy84GuQhKNS3W9L8n8H69FCokzsyN9BXOBlno2aPCUrXofor7jWqkoBRebbmdGBHGULi-qsbU1SMpsZtfRy1nzWZFU8_kODOrU8iBm7w-F1UbEKG7HMXFrfQ6OLqhIBWskQyUmEREFN_liakHtROqNUxb3g1By0c6s-kz7mnp0fsUNUROlEtU=&abvar=0&pload=41&rlp=%5B0%2C0%2C0%2C0%2C0%2C0%2C24%2C0%5D HTTP/1.1
Host: jenonaw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Cookie: UID=2210021437b7140e5f04a045e184f0fe5397; OACCAP=ACIS%2BgAAAAAAAAAB; OACBLOCK=ACIS%2BgAAAABjORrQ; OAZCCAP=ABrkSgAAAAAAAAAB; OAZCBLOCK=ABrkSgAAAABjORrQ; OXCCLK=ACIS%2BgAAAAAAAAAB; OXPCLK=AAIw1wAAAAAAAAAB; ppucnt=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.redirect-pixel
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B
IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8d59ee7b197f347e30ac793231158927
3316937f84c08ad1857d2f663dca353e250815f0
c17a343ceb786a421f8c3abfffae350e12c92271a69fc88eb8e8bab568877d6b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15907
Expires: Mon, 03 Oct 2022 00:02:22 GMT
Date: Sun, 02 Oct 2022 19:37:15 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash edded48f558f739287a040151349ef67
d63b6ba630736d32c364b0e6a369274b2389b7ff
33b4a459df0ba7b36b907ba96d74e08660cc75640c42a5748b97d18ec2e9d533
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb5f775-a073-47ba-b076-ad1c96659b64.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11083
x-amzn-requestid: 53e2c961-bcc0-4977-8648-ee3c1aed9cde
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHRFWfIAMFhlA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3c7-070212d7386d5efa1b4aa8d3;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:23 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Z1KmxHJh9QNfg5x0enkqOjbmiqHvg7nlQiMnuDuCRNWQUBFEiKELbw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:48:36 GMT
etag: "d63b6ba630736d32c364b0e6a369274b2389b7ff"
content-type: image/jpeg
age: 78520
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg
34.120.237.76 200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9dddb9d84a16a3004821d89836b83dc3
087521979efd5936416fd7f030779fa5725f0a8f
a6251ac43958031d765b5743d43e14bc04b1e465bed81f757c3609ee6f2bea66
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd4280e4-6b15-45b7-9469-d13ba14c37db.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6871
x-amzn-requestid: e1fdb2ee-c0e7-4a0c-ae26-d968aef00503
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEIOGp2IAMFxSQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3ce-24b26a8048ffd84071a2ad57;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:30 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -svKnYBuiMSdWObzJyNah9TDIi6IuPP6VMzEJWmn0zxoZbFmwpzkJw==
via: 1.1 c07670802688417c8b871124c547eb0a.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:48:33 GMT
age: 78523
etag: "087521979efd5936416fd7f030779fa5725f0a8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 206fb65e75dbadf119512f71e0b78402
58ff0bf8ce7528b303d28bab01a80ad721705569
56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 5sAzc5Ewv4g6Wqq6JJiLylG3Jyy_nlWrr5Oteeo6ebEgq7Rvss4XaQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Sun, 02 Oct 2022 04:41:00 GMT
age: 53776
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7a6e7d5-efdf-4904-b660-ffb0d8ffd4d3.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7a6e7d5-efdf-4904-b660-ffb0d8ffd4d3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e711c6bf0d0808f0b5c57b80916eba4d
36c8dcdfdc2c59246ba9d999ddffd5387f68155e
e252f3c857e18ddaea7059bfb19826ac5e47c694ce57068d85f60bd1ac5f6c25
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd7a6e7d5-efdf-4904-b660-ffb0d8ffd4d3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6101
x-amzn-requestid: 0edbc5d1-324f-4b4f-a55c-b9333f2bb6a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDpnFumIAMFoEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b30a-1422f70670e89174415c1aba;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hG5L6pTNHLcM-nBovmH6kFuFK5oXJuxVWsnaffj6L8bDlGnpFVJFKg==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 22:17:57 GMT
age: 76759
etag: "36c8dcdfdc2c59246ba9d999ddffd5387f68155e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 463bdcfbec5426e18ecef83b1c373b71
2e533332ee5c49143e58dad32ee3717a39179532
2c40befd28781482b9be249a792571612d68d7045324083d2c832fa5ec42f04b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59054e54-a013-42c5-98a5-abe2b6af4fc6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4987
x-amzn-requestid: 763edd04-7f8d-42ae-8864-482be3549958
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWEHpFs4oAMFbqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b3ca-2f7b67e85aa83b69183e62b5;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:40:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2Zoggf30lA-Kvt5QYa-IdhGePHCNiphR7pfFiOaFvL8ZkWZIaiK4pA==
via: 1.1 f4367b41311e3e9a490d7461b7b85490.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:48:37 GMT
etag: "2e533332ee5c49143e58dad32ee3717a39179532"
content-type: image/jpeg
age: 78519
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d5b1efd-2ddc-4e8a-b89c-c9601bfeba68.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d5b1efd-2ddc-4e8a-b89c-c9601bfeba68.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef85af3ef63e35a54bc15fbca5d7236b
e06bd8868eff8c42f5d2e2deec9a361170c8d3ea
0291104bb66ac4849ac5fd433fdf9cbbc7f4a2fcaa1f137aca08be2a4878f54c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d5b1efd-2ddc-4e8a-b89c-c9601bfeba68.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7314
x-amzn-requestid: ba9e3b47-d9dd-49c1-9645-bac582351957
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDpnGqOoAMFUTA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b30a-0604dff004a5f6364f0fe11c;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:37:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ss4zz6K56bzf1oFauX5_GUyy77r5gwLUcEy2GHrxSbBlwaYNjPZuYA==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:58:03 GMT
age: 77953
etag: "e06bd8868eff8c42f5d2e2deec9a361170c8d3ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
321.selornews.com/dannig/common-adult-player/img/btn-icon.png
45.133.44.21 200 OK 65 kB URL HTTP/2 321.selornews.com/dannig/common-adult-player/img/btn-icon.png
IP 45.133.44.21:0
ASN #39572 DataWeb Global Group B.V.
File type gzip compressed data, from Unix\012- data
Hash 272eaf70cc40a28fb73461c44da525e4
376fe4ec415910950d315730340e28031d614e2d
d8153f7415f42591fb2f616376d29685adcd7fac498a8c8bd6e5dd24ad90b434
GET /dannig/common-adult-player/img/btn-icon.png HTTP/1.1
Host: 321.selornews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://4815.reminews.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: image/png
content-length: 395
server: nginx/1.16.1
last-modified: Mon, 23 Nov 2020 19:23:44 GMT
etag: 06f18f63c3036edde4e88c1d5f200104
x-timestamp: 1606159423.53964
x-trans-id: tx38a031f303324d22a20d6-0061c43777
x-openstack-request-id: tx38a031f303324d22a20d6-0061c43777
cache-control: max-age=172800
access-control-allow-origin: *
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
expires: Tue, 04 Oct 2022 19:37:15 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B
IP 142.250.74.3:0
Hash a2d3925dad8ae1248c7b5d96220bd00a
8b6326da45860d5f480504e23864de0c28523b61
421d30a538dc347afc7fc8eee0fa6502aa65d789eb2353eb9c9f8bd0c5f3b3d5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 19:37:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-TMR4NP
142.250.74.168 200 OK 41 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-TMR4NP
IP 142.250.74.168:0
File type ASCII text, with very long lines (14188)
Hash 262f06ab98dfce4fda1d6949fd4b19ba
37c996e67f713e536a24535042e97bc53f52f61d
35006ca8c9d08f7893a3811e14fac02e552a3ac21ce0c1b7d78d1be1e7ab1277
GET /gtm.js?id=GTM-TMR4NP HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wherevertogo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 02 Oct 2022 19:37:16 GMT
expires: Sun, 02 Oct 2022 19:37:16 GMT
cache-control: private, max-age=900
last-modified: Sun, 02 Oct 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41376
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B
IP 142.250.74.3:0
Hash 6abe76ca28fe176c44e7475b1d5c93fb
a4a87a771c6f081e5dae3499c090551c6dd31acb
451a8f3a3e654355467b434976022b84820c25b54f7b78472635c7dc3241423f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 19:37:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B
IP 104.18.32.68:0
Hash 18fb513b47c07da3476abfa41c367d9e
09d513393e1a899f28d3c4620185523138eece82
378d88063f5c621703246cfa80d08b20e0dd83dbfd093084bca80d444ca59c39
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 19:37:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 18:31:27 GMT
Expires: Thu, 06 Oct 2022 18:31:26 GMT
Etag: "09d513393e1a899f28d3c4620185523138eece82"
Cache-Control: max-age=341049,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753fe43d9a53fab8-OSL
js-agent.newrelic.com/nr-768.min.js
151.101.86.137 200 OK 8.6 kB URL HTTP/2 js-agent.newrelic.com/nr-768.min.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (22625), with no line terminators
Hash f609b011c4024aa0568283a441571094
994180dd4c0201a5d4c016a05617d344e3a30db3
e89e8dbcfbf23828890914f8ba633693f3ac5582770e16fde88bfc1baddea9aa
GET /nr-768.min.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wherevertogo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: dmXezA0qxssYn/E1lcszbz74ofMDQRDe5mJADr/ZeHAS4Nv6Od4/sePCStFoUpbsHpMfa4X1Dl8=
x-amz-request-id: Q97K9MJD03F15ATG
last-modified: Wed, 28 Feb 2018 23:33:43 GMT
etag: "b4b84a4b4f36d13ffaa93c062b2d3e17"
x-amz-version-id: null
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Sun, 02 Oct 2022 19:37:16 GMT
via: 1.1 varnish
x-served-by: cache-bma1651-BMA
x-cache: HIT
x-cache-hits: 4
x-timer: S1664739437.743832,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 8634
X-Firefox-Spdy: h2
tsyndicate.com/api/v1/retargeting/set/e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70?gtmcb=1491577379
136.243.83.47 200 OK 35 B URL HTTP/2 tsyndicate.com/api/v1/retargeting/set/e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70?gtmcb=1491577379
IP 136.243.83.47:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/retargeting/set/e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70?gtmcb=1491577379 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wherevertogo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 19:37:16 GMT
content-type: text/plain; charset=utf-8
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: e4c579c31fdadd6f
set-cookie: ts_rt_e61f38d1-37ba-4a3d-9474-c0d9e0d9ea70=AM_QaTNGTI8YNHLEqHHjxowbOQIC; expires=Mon, 02 Oct 2023 19:37:16 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
tsyndicate.com/api/v1/retargeting/set/06eb0705-463f-4b96-836b-64bf3cfa8631?gtmcb=413290191
136.243.83.47 200 OK 350 B URL HTTP/2 tsyndicate.com/api/v1/retargeting/set/06eb0705-463f-4b96-836b-64bf3cfa8631?gtmcb=413290191
IP 136.243.83.47:0
ASN #24940 Hetzner Online GmbH
Hash c1383c0302b035b07cdb5e537b5d5f01
cc8aec0a2aa302903f584df8dffc459dbccf20d2
56acaa6a01af2b52fa943eb1fb884d8be5a4cfdb1b45931493173d32750fce4b
GET /api/v1/retargeting/set/06eb0705-463f-4b96-836b-64bf3cfa8631?gtmcb=413290191 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wherevertogo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 19:37:16 GMT
content-type: text/plain; charset=utf-8
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: 90a39fea2fb09ab0
set-cookie: ts_rt_06eb0705-463f-4b96-836b-64bf3cfa8631=AM_QaTNGTA8aMWbIyAEjRo4YAQE=; expires=Mon, 02 Oct 2023 19:37:16 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
108.138.212.135 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 108.138.212.135:0
Hash d991e6f99a956e3e3d1c0f03963a9625
979ca154dec150faabfdcdf874cb618f0e682740
a75dfeb8d54dedf418a1741b921fdb4f9f64314143300551d3c67997b58bf19a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 02 Oct 2022 19:37:16 GMT
Last-Modified: Sun, 02 Oct 2022 18:06:34 GMT
Server: ECS (nyb/1D0A)
X-Cache: Miss from cloudfront
Via: 1.1 208aec8d7d6b69028fbed7a7605feea6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR61-P3
X-Amz-Cf-Id: _3NVDOpmko3bGDgbnK73PIUgVTLEtrGOilouK_eqiqKX4S064KwlQA==
Age: 5442
wherevertogo.com/g-adt2/index-no.htm?zoneid=1762378
172.67.216.179 200 OK 5.7 kB URL HTTP/2 wherevertogo.com/g-adt2/index-no.htm?zoneid=1762378
IP 172.67.216.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (3322), with CRLF line terminators
Hash 83481161fa6082b4fa9ea42962ff7c3c
2942e4cda218bf9a498bea087897d71ae8d7c9d1
a003a275ca5a1ba9af0fca93c876eee7e20215cebb11c463729f0a0e261b3141
GET /g-adt2/index-no.htm?zoneid=1762378 HTTP/1.1
Host: wherevertogo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:16 GMT
content-type: text/html
last-modified: Wed, 18 May 2022 02:38:11 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CFEBVPfVxj%2FmaQumwvmsA4GIvoXBNqg0Qh3HXDT%2FKWVI4JNPRyTE9DIpykUGtDO7XCYvWicTeF%2FlYRw1bHzpiMq4OjODFLwzhUNGlP9AGItPzswFtL53sS8RbMvaTYyVhW6s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 753fe4440b63b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b072ceb5d6fd4fa88604c7ef3b0142a1
b28c48e0c2a222b3f21d510917dc58942d937023
f5cc8fc827327f8a182de4986e8594895a71309a250da9c34be27892a81158d8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5243
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 02 Oct 2022 19:37:17 GMT
Last-Modified: Sun, 02 Oct 2022 18:09:55 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
bam.nr-data.net/1/bcc61c6f3d?a=6702766&pl=1664739435753&v=768.2acc9fa&to=clwKRhdcCFhVR0k3W19SEEAEHEtzdWFG&ap=10&be=496&fe=213&dc=102&f=%5B%5D&perf=%7B%22timing%22:%7B%22of%22:1664739435753,%22n%22:0,%22dl%22:486,%22di%22:580,%22ds%22:596,%22de%22:600,%22dc%22:708,%22l%22:708,%22le%22:709,%22f%22:214,%22dn%22:216,%22dne%22:228,%22c%22:228,%22ce%22:241,%22s%22:232,%22rq%22:241,%22rp%22:482,%22rpe%22:482%7D,%22navigation%22:%7B%22ty%22:255%7D%7D&jsonp=NREUM.setToken
162.247.241.14 403 Forbidden 2 B URL HTTP/1.1 bam.nr-data.net/1/bcc61c6f3d?a=6702766&pl=1664739435753&v=768.2acc9fa&to=clwKRhdcCFhVR0k3W19SEEAEHEtzdWFG&ap=10&be=496&fe=213&dc=102&f=%5B%5D&perf=%7B%22timing%22:%7B%22of%22:1664739435753,%22n%22:0,%22dl%22:486,%22di%22:580,%22ds%22:596,%22de%22:600,%22dc%22:708,%22l%22:708,%22le%22:709,%22f%22:214,%22dn%22:216,%22dne%22:228,%22c%22:228,%22ce%22:241,%22s%22:232,%22rq%22:241,%22rp%22:482,%22rpe%22:482%7D,%22navigation%22:%7B%22ty%22:255%7D%7D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /1/bcc61c6f3d?a=6702766&pl=1664739435753&v=768.2acc9fa&to=clwKRhdcCFhVR0k3W19SEEAEHEtzdWFG&ap=10&be=496&fe=213&dc=102&f=%5B%5D&perf=%7B%22timing%22:%7B%22of%22:1664739435753,%22n%22:0,%22dl%22:486,%22di%22:580,%22ds%22:596,%22de%22:600,%22dc%22:708,%22l%22:708,%22le%22:709,%22f%22:214,%22dn%22:216,%22dne%22:228,%22c%22:228,%22ce%22:241,%22s%22:232,%22rq%22:241,%22rp%22:482,%22rpe%22:482%7D,%22navigation%22:%7B%22ty%22:255%7D%7D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wherevertogo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Date: Sun, 02 Oct 2022 19:37:17 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 2
Connection: keep-alive
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 753fe44aeb9eb50c-OSL
ads.traffichunt.com/adv_ret/?adv_pixel_id=861&nid=3&gtmcb=1998118947
3.80.0.135 200 OK 20 B URL HTTP/2 ads.traffichunt.com/adv_ret/?adv_pixel_id=861&nid=3&gtmcb=1998118947
IP 3.80.0.135:0
File type gzip compressed data, max speed, from Unix\012- data
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /adv_ret/?adv_pixel_id=861&nid=3&gtmcb=1998118947 HTTP/1.1
Host: ads.traffichunt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wherevertogo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 02 Oct 2022 19:37:17 GMT
server: nginx
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
set-cookie: new_adx_profile_guid=c81c76d4-3983-44c0-a18d-8ee2d12bc2db;Max-Age=7776000;Path=/;SameSite=None; Secure
new_3.adx_rt_0=861;Max-Age=7776000;Path=/;SameSite=None; Secure
new_3.adx_daily_rt_0=861;Max-Age=15762;Path=/;SameSite=None; Secure
new_3.adx_rt_0=861;Max-Age=7776000;Path=/;SameSite=None; Secure
3.adx_rt_0=861; Max-Age=7776000; Expires=Sat, 31 Dec 2022 19:37:17 GMT; Path=/
3.adx_daily_rt_0=861; Max-Age=15762; Expires=Sun, 02 Oct 2022 23:59:59 GMT; Path=/
adx_profile_guid=c81c76d4-3983-44c0-a18d-8ee2d12bc2db; Max-Age=7776000; Expires=Sat, 31 Dec 2022 19:37:17 GMT; Path=/
X-Firefox-Spdy: h2
main.exoclick.com/tag.php?goal=5ca8b60d120434a1134c010ca6272da6&gtmcb=301749493
95.211.229.247 200 OK 20 B URL HTTP/1.1 main.exoclick.com/tag.php?goal=5ca8b60d120434a1134c010ca6272da6&gtmcb=301749493
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=5ca8b60d120434a1134c010ca6272da6&gtmcb=301749493 HTTP/1.1
Host: main.exoclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wherevertogo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 02 Oct 2022 19:37:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A83337%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-10-02%22%3B%7D%7D; expires=Mon, 02 Oct 2023 19:37:17 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
main.exoclick.com/tag.php?goal=33d8e6a4225d77ae914dff110feef000&gtmcb=1446387617
95.211.229.247 200 OK 20 B URL HTTP/1.1 main.exoclick.com/tag.php?goal=33d8e6a4225d77ae914dff110feef000&gtmcb=1446387617
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=33d8e6a4225d77ae914dff110feef000&gtmcb=1446387617 HTTP/1.1
Host: main.exoclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wherevertogo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 02 Oct 2022 19:37:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A80305%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-10-02%22%3B%7D%7D; expires=Mon, 02 Oct 2023 19:37:17 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 76e5f4da7f5e23bbc4a69594e4ec82cb
9d0ccf01040a25bbc83c6d6bc52defe0f39c74fa
8cd7b4283267ae6f44b7a6615eaaa021a1dab592d841d02308222f222054720c
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 02 Oct 2022 19:37:17 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 02 Oct 2022 19:26:58 GMT
Expires: Sun, 09 Oct 2022 19:26:57 GMT
Etag: "9d0ccf01040a25bbc83c6d6bc52defe0f39c74fa"
Cache-Control: max-age=603579,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 753fe44c8c1c0b59-OSL
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6047192460abf4afd600948abb5e6ee1
6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4
d1fd21a5913f6831d2128c8e9e84767d9730bf9e779da5395dc31b82a10e32e9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18b1ba6d-ca56-4474-afa8-cd3b53cce28e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9340
x-amzn-requestid: e892265e-836d-4638-871f-0548eda57745
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWDf8FCEoAMFyow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338b2cc-7f39bb92066a75a90868dd03;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 21:36:12 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Sk1Dahp1gliiBIghSCZselE7-Fy45svrCk7TdmunOwNefSNqY1P1jA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Oct 2022 21:48:34 GMT
etag: "6d6d52fb5024e7772dd45dd459bfe3ec90cb5ce4"
content-type: image/jpeg
age: 78528
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
tfosrv.com/retargeting.js?id=981&gtmcb=1360997818
216.18.168.29 200 OK 0 B URL HTTP/1.1 tfosrv.com/retargeting.js?id=981&gtmcb=1360997818
IP 216.18.168.29:0
GET /retargeting.js?id=981&gtmcb=1360997818 HTTP/1.1
Host: tfosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wherevertogo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx
date: Sun, 02 Oct 2022 19:37:17 GMT
content-type: text/javascript
transfer-encoding: chunked
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: 0
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
content-encoding: gzip
x-request-id: 6339E86D-D812A81D01BB428B-4525C1C0
jenonaw.com/submit.min.js?abvar=
62.122.171.6 200 OK 0 B URL HTTP/2 jenonaw.com/submit.min.js?abvar=
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /submit.min.js?abvar= HTTP/1.1
Host: jenonaw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2210021437b7140e5f04a045e184f0fe5397
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 02 Oct 2022 19:37:15 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 14:00:58 GMT
vary: Accept-Encoding
etag: W/"6333021a-8216"
x-js-ab: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2