Overview

URLxxxfree.watch/hegre-helga/
IP 104.21.72.141 ()
ASN#13335 CLOUDFLARENET
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-30 23:35:45 UTC
StatusLoading report..
IDS alerts0
Blocklist alert14
urlquery alerts No alerts detected
Tags None

Domain Summary (50)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
cdn.cloudimagesb.com (1) 23099 2021-02-12 16:15:41 UTC 2022-11-30 21:43:52 UTC 45.133.44.10
vjs.zencdn.net (2) 4968 2012-05-21 08:26:59 UTC 2022-11-30 18:17:37 UTC 151.101.194.217
zlxelxifssxm.n4.adsco.re (1) 0 No data No data 38.132.109.186 Domain (adsco.re) ranked at: 8541
ocsp.sca1b.amazontrust.com (1) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 143.204.42.156
r3.o.lencr.org (16) 344 2020-12-02 08:52:13 UTC 2022-11-30 17:12:16 UTC 23.36.77.32
tractorfoolproofstandard.com (1) 0 2022-11-11 10:41:58 UTC 2022-11-30 21:34:15 UTC 192.243.59.20 Unknown ranking
stats.g.doubleclick.net (1) 96 2013-06-10 20:21:11 UTC 2022-11-30 17:26:15 UTC 74.125.131.154
ocsp.sectigo.com (1) 487 2018-12-17 11:31:55 UTC 2022-11-30 21:13:57 UTC 172.64.155.188
ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2022-11-30 17:14:19 UTC 151.101.66.133
friendshipmale.com (1) 0 2022-10-21 12:15:25 UTC 2022-11-30 19:07:22 UTC 172.64.109.35 Unknown ranking
a.realsrv.com (6) 10080 2019-07-03 16:12:14 UTC 2022-11-30 20:07:04 UTC 185.76.9.22
woffxxx.com (1) 0 2022-02-26 11:00:39 UTC 2022-11-29 14:45:03 UTC 104.21.75.240 Unknown ranking
fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-11-30 21:05:51 UTC 142.250.74.106
fickle-brush.com (1) 0 2022-10-07 13:16:16 UTC 2022-11-29 14:45:06 UTC 188.72.219.35 Unknown ranking
ocsp.digicert.com (8) 86 2012-05-21 07:02:23 UTC 2022-11-30 20:24:46 UTC 93.184.220.29
4.adsco.re (2) 19179 2021-01-04 16:47:52 UTC 2022-11-30 19:05:37 UTC 162.252.214.5
s10.histats.com (1) 15211 2012-05-21 17:14:14 UTC 2022-11-30 19:04:17 UTC 46.105.201.240
zlxelxifssxm.s4.adsco.re (1) 0 No data No data 185.200.116.90 Domain (adsco.re) ranked at: 8541
cdn.creative-bars1.com (5) 0 2022-11-15 16:46:22 UTC 2022-11-30 19:24:38 UTC 172.64.109.13 Unknown ranking
www.sizokiwhe.pro (2) 0 2022-11-24 08:01:29 UTC 2022-11-30 19:12:38 UTC 67.216.91.19 Unknown ranking
xxxfree.watch (2) 507189 2020-06-13 00:18:17 UTC 2022-11-30 20:24:24 UTC 104.21.72.141
xxxfree.watch (2) 507189 2020-06-13 00:18:17 UTC 2022-11-30 20:24:24 UTC 172.67.223.192
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-11-30 17:19:42 UTC 34.160.144.191
www.googletagmanager.com (1) 75 2013-05-22 02:07:37 UTC 2022-11-30 23:14:41 UTC 142.250.74.168
www.cdn4ads.com (1) 105393 2020-04-19 20:21:04 UTC 2022-11-30 20:30:48 UTC 185.76.9.14
firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-11-30 17:12:31 UTC 34.102.187.140
img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-11-30 17:26:07 UTC 34.120.237.76
s.w.org (8) 748 2017-01-30 04:56:16 UTC 2022-11-30 17:17:42 UTC 192.0.77.48
6.adsco.re (1) 17812 2018-01-15 04:15:29 UTC 2022-11-30 19:15:38 UTC 104.17.167.186
push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-11-30 17:12:17 UTC 54.191.251.76
parkingridiculous.com (5) 0 2022-11-22 03:17:37 UTC 2022-11-30 22:16:53 UTC 192.243.61.227 Unknown ranking
cdn-s13.cfeucdn.com (1) 0 2022-05-13 05:22:37 UTC 2022-11-29 14:45:18 UTC 50.7.214.74 Domain (cfeucdn.com) ranked at: 60381
fonts.gstatic.com (2) 0 2014-09-09 00:40:21 UTC 2022-11-30 22:48:06 UTC 216.58.207.227 Domain (gstatic.com) ranked at: 540
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-11-30 17:13:24 UTC 34.117.237.239
e1.o.lencr.org (5) 6159 2021-08-20 07:36:30 UTC 2022-11-30 17:37:57 UTC 23.36.77.32
testingmetriksbre.ru (2) 0 2022-06-30 21:55:42 UTC 2022-11-30 20:54:48 UTC 104.26.1.119 Unknown ranking
s3t3d2y8.afcdn.net (14) 0 2022-08-08 22:22:56 UTC 2022-11-30 20:07:06 UTC 185.76.9.21 Unknown ranking
mc.yandex.ru (2) 2672 2017-01-29 05:34:36 UTC 2022-11-30 18:58:07 UTC 87.250.250.119
syndication.realsrv.com (8) 9112 2019-07-03 21:39:52 UTC 2022-11-30 20:07:05 UTC 95.211.229.247
commentsengine.com (1) 0 2022-04-14 14:40:18 UTC 2022-11-30 20:54:35 UTC 172.67.190.246 Unknown ranking
watchxxxfree.xyz (1) 0 2018-08-20 14:30:56 UTC 2022-11-29 14:45:06 UTC 172.67.193.121 Unknown ranking
simplewebanalysis.com (3) 0 2022-02-25 04:06:25 UTC 2022-11-30 17:25:03 UTC 52.28.211.11 Unknown ranking
cdn4ads.com (1) 46207 2020-04-19 20:21:04 UTC 2022-11-30 20:31:08 UTC 216.59.63.128
r3.o.lencr.org (16) 344 2020-12-02 08:52:13 UTC 2022-11-30 17:12:16 UTC 23.36.76.226
ocsp.pki.goog (7) 175 2017-06-14 07:23:31 UTC 2022-11-30 17:12:14 UTC 142.250.74.131
unpkg.com (3) 11693 2016-01-07 23:26:01 UTC 2022-11-30 22:57:17 UTC 104.16.125.175
www.google-analytics.com (1) 40 2013-07-28 22:04:32 UTC 2022-11-30 22:10:37 UTC 142.250.74.110
alleviatepracticableaddicted.com (1) 0 2022-07-05 09:49:47 UTC 2022-11-30 05:53:48 UTC 173.233.137.36 Unknown ranking
unseenreport.com (2) 0 2022-03-30 14:33:17 UTC 2022-11-30 18:57:09 UTC 192.243.61.225 Unknown ranking
cdn.barscreative1.com (1) 25648 2021-09-16 11:14:42 UTC 2022-11-30 19:38:43 UTC 45.133.44.3

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-30 2 parkingridiculous.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js Malware
2022-11-30 2 parkingridiculous.com/sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e Malware
2022-11-30 2 parkingridiculous.com/pixel/sbs?c=1 Malware
2022-11-30 2 parkingridiculous.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSujgkRvUTxIijOSR (...) Malware
2022-11-30 2 cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/16327 (...) Phishing

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-11-30 2 alleviatepracticableaddicted.com Sinkholed
2022-11-30 2 parkingridiculous.com Sinkholed
2022-11-30 2 parkingridiculous.com Sinkholed
2022-11-30 2 tractorfoolproofstandard.com Sinkholed
2022-11-30 2 parkingridiculous.com Sinkholed
2022-11-30 2 unseenreport.com Sinkholed
2022-11-30 2 unseenreport.com Sinkholed
2022-11-30 2 parkingridiculous.com Sinkholed
2022-11-30 2 parkingridiculous.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 2 reports on IP: 104.21.72.141
Date UQ / IDS / BL URL IP
2022-11-30 23:35:45 +0000 0 - 0 - 14 xxxfree.watch/hegre-helga/ 104.21.72.141
2022-08-28 23:37:48 +0000 0 - 0 - 13 teedhobuscasx.com/?gclid=EAIaIQobChMIzJiE0qXn (...) 104.21.72.141


Last 5 reports on ASN: CLOUDFLARENET
Date UQ / IDS / BL URL IP
2023-02-05 14:49:52 +0000 0 - 0 - 1 easy-lay.com/tt/16 188.114.96.1
2023-02-05 14:49:13 +0000 0 - 1 - 0 cdn.discordapp.com/attachments/10670886665367 (...) 162.159.133.233
2023-02-05 14:48:58 +0000 0 - 0 - 5 www53.davisonbarker.pro/pushredirect/?network (...) 104.21.92.39
2023-02-05 14:48:58 +0000 0 - 1 - 0 achcdn.com/prod/redirect.html?lu=cqwajn.com/g (...) 104.21.26.191
2023-02-05 14:48:39 +0000 0 - 1 - 0 cdn.discordapp.com/attachments/10515806766940 (...) 162.159.129.233


Last 4 reports on domain: xxxfree.watch
Date UQ / IDS / BL URL IP
2022-11-30 23:35:45 +0000 0 - 0 - 14 xxxfree.watch/hegre-helga/ 104.21.72.141
2022-10-24 08:01:52 +0000 0 - 0 - 11 xxxfree.watch/avas-addamss-thes-dicks-doctors/ 172.67.223.192
2022-09-16 15:59:31 +0000 0 - 0 - 10 xxxfree.watch/veronica-leal-wet-and-horny/ 172.67.223.192
2022-09-05 05:52:08 +0000 0 - 0 - 7 xxxfree.watch/aria-valencia-tiny-labor-day/ 172.64.175.10


No other reports with similar screenshot

JavaScript

Executed Scripts (90)

Executed Evals (143)
#1 JavaScript::Eval (size: 17) - SHA256: e0bc19473df9795cd42be5da545b5a6828d31527b4ffa3769564f735abec0deb
document.hasFocus
#2 JavaScript::Eval (size: 36) - SHA256: 4105e0401cf30138cd3ec66def6e14b091f0617777c14cd703ba3e8be17d5777
performance.navigation.redirectCount
#3 JavaScript::Eval (size: 27) - SHA256: c66fd00bf884bbcc3f43284fb1c86bcea447ce653124ca7b7202d0e5fd30ae08
window.opener.location.href
#4 JavaScript::Eval (size: 25) - SHA256: de1b699e93a44c66a069974d1603aee656a6e063b19b8bbf5b09946a3a1b9904
window.opener.innerHeight
#5 JavaScript::Eval (size: 29) - SHA256: 12c1e4b959357815447bdfe9fde3665a628e0cd4bbd622c9915820ea57fe01e3
window.InstallTrigger.install
#6 JavaScript::Eval (size: 26) - SHA256: 7510742fba4d25113b6124987e97cba40776bc5030a6a3678974dc8ba075bf81
window.personalbar.visible
#7 JavaScript::Eval (size: 20) - SHA256: 6b612f597a0ed972ce30182713c197e510528ac68ff1711b560641d5f47afefa
navigator.productSub
#8 JavaScript::Eval (size: 22) - SHA256: e924fcaf65b8ea057cb30e32bbdf04fdafe2bde622539d6d1abc466b050917d5
navigator.userLanguage
#9 JavaScript::Eval (size: 24) - SHA256: 6b5c93eab3b74dadfbe0f6c5949ab9f1ec8f012df8f49495664b96b51881ed85
window.RTCPeerConnection
#10 JavaScript::Eval (size: 51) - SHA256: 8c6276b2ab288fa398c4bc128bf765ffc10696c7adb7b2db18019870fa29cbdd
window.external.getHostEnvironmentValue("os-mode");
#11 JavaScript::Eval (size: 26) - SHA256: e495f8780d35a18d80e09be6211760313cd30ac601a5c7478f9ddf4ebf8536ba
navigator.pdfViewerEnabled
#12 JavaScript::Eval (size: 12) - SHA256: bc1a6bd7f4ddbcd78987ea609d4595bdf2422cb1be9e85af5d6c199f62000d6c
screen.width
#13 JavaScript::Eval (size: 25) - SHA256: 63d0de96ffe6e24d709e64517f883a6e6a72e3629aea379ee43b727541794c64
navigator.browserLanguage
#14 JavaScript::Eval (size: 20) - SHA256: 6af0594857ab3b4e97420ca6bf7e098fc0901e86860d2e6a26cdf1d176c37dec
navigator.doNotTrack
#15 JavaScript::Eval (size: 32) - SHA256: 90190e51d410f9862884d5984262f9e1b8e46dd1010b50f1c22c9ef3fa1565fc
window.opener.offscreenBuffering
#16 JavaScript::Eval (size: 30) - SHA256: ca1a06e2314f272f03bc401a7ae0f4056692895b060fd13c00280536b6c56e85
performance.timing.responseEnd
#17 JavaScript::Eval (size: 27) - SHA256: 1c82db5b05628505080952437a7fd64f03942b6e8ec97f799f4f867eaf492134
typeof window.ondevicelight
#18 JavaScript::Eval (size: 22) - SHA256: b19d05a8d492320ab4db4d74ea0e9e90374bed47a18e805f8018ebb00af0c23c
window.menubar.visible
#19 JavaScript::Eval (size: 32) - SHA256: 1138f8c1bb11f4a5f7d8354b8c8a642ef94c9c741d76a7f476bac6473b7de085
window.screenY || window.screenTop
#20 JavaScript::Eval (size: 19) - SHA256: b37d024d71bdbd575b951acfa9a59a5e84dc2f9d7c89748081ccb862ff3c9033
navigator.vendorSub
#21 JavaScript::Eval (size: 31) - SHA256: 7f96f13e41030d403da6d3c41ed3e161053572b43346d4e7c6ade69c0861d6ca
typeof document.visibilityState
#22 JavaScript::Eval (size: 52) - SHA256: b218e02bbc9cda846447b2e8fff62bc41f7f5b0e12ad8adfc05380f8df3288a4
window.external.getHostEnvironmentValue("os-build");
#23 JavaScript::Eval (size: 18) - SHA256: 0200f755a2c13b9335fe39b3a88f696c334e518e8407780c4731d8e6be966c4e
window.outerHeight
#24 JavaScript::Eval (size: 30) - SHA256: 44e10caa26e37d5f8678a008f0d667c1975fbaec0f613439eb60694249001780
navigator.languages.toString()
#25 JavaScript::Eval (size: 26) - SHA256: 92f68565a2781a0fbd595ff5c54717d6b87c6cf19d42c7f3d3d4c81193bb2cb4
navigator.battery.charging
#26 JavaScript::Eval (size: 32) - SHA256: d0ea77c33d12565615b751dd5d753895e6287577bc0cfe0522961048b211daa6
navigator.connection.downlinkMax
#27 JavaScript::Eval (size: 34) - SHA256: de98f45cade0178e1fd1a8257ab99e8431b3d5b35a393217e74ad6caa4efed60
performance.timing.domainLookupEnd
#28 JavaScript::Eval (size: 6) - SHA256: 4cd6c2914887dd4a68e4c9ffbed8b077f048cf795d6cfa0b801d43e0ea5a1560
screen
#29 JavaScript::Eval (size: 33) - SHA256: 511e9d231c9360fcb7670f7cbaffb35bf8180f124fc080ebbfa5962d4c8bb089
window.screenX || window.screenLeft
#30 JavaScript::Eval (size: 46) - SHA256: b1101545a9bed4591a67166c932701b5ec44cb1976bb9df3d584fa2ab8ba8245
window.opener.screenY || window.opener.screenTop
#31 JavaScript::Eval (size: 4) - SHA256: 1bbd174404efbce95f1af489ef93f4aa0f4d55718f24c3504682216afa7b7fb1
eval
#32 JavaScript::Eval (size: 19) - SHA256: fc5a1ffc9513896711ec2c788490995715c8d32ccda8c4e2c68a9bd8cb214e77
document.innerWidth
#33 JavaScript::Eval (size: 17) - SHA256: c03ab22471edc55763f012b82b8d32f981b31ca921a55cc4a663b8bd953b96e7
screen.deviceYDPI
#34 JavaScript::Eval (size: 30) - SHA256: 55ef02d9591328210e59a68fcd1945791f4d0f70cdc7cd3999eb4ba175adbafb
performance.timing.redirectEnd
#35 JavaScript::Eval (size: 24) - SHA256: 38be2b1c1c886666cd4ac85d71bb8b65e51d95c7c5f40b0c575f7d196a0442cd
window.statusbar.visible
#36 JavaScript::Eval (size: 23) - SHA256: 2ef7ca07ed70c4ffbc59b1d3fa8df8cd2be1bfc66d1604246926066c9f44fd0c
screen.orientation.type
#37 JavaScript::Eval (size: 12) - SHA256: 27f88609267c27a6f4e778dcb686f1f2fdf0f4f7cd29ad34826b916266ae45a8
window.close
#38 JavaScript::Eval (size: 20) - SHA256: 3f3d3b81e8706983e30a63da7389e8cd3e70bd7778063d63f748984c42007425
IntersectionObserver
#39 JavaScript::Eval (size: 15) - SHA256: 2daa1a91b2430e9867296c9cb26d1483785954a9bdd66f79b2c754bab7092cae
typeof __gCrWeb
#40 JavaScript::Eval (size: 37) - SHA256: 0e27576eb1e9c067b58d47b8749be97d9e94c1e3d67cdf541784148cd80a04b1
MouseEvent.WEBKIT_FORCE_AT_MOUSE_DOWN
#41 JavaScript::Eval (size: 15) - SHA256: de7f7b137340e1d218833d7afef73ea711325f139a4428eed317ca0374f67c91
navigator.oscpu
#42 JavaScript::Eval (size: 15) - SHA256: da82a56eb8524f5d12a2afcf2c5d0cb6184f26995167212a0ccb3bc2ba0def36
document.hidden
#43 JavaScript::Eval (size: 20) - SHA256: dfafe4f2e08c006ec277e8042267c6237512a1a93bfcf57657420d4becc0a97b
window.mozPaintCount
#44 JavaScript::Eval (size: 12) - SHA256: 20dbc48604a9afee27f0eaf4b84634fabbf1b2c09f78e795896b6fa1747b154a
window.alert
#45 JavaScript::Eval (size: 13) - SHA256: 32c6c6c6d07bb5224356b89b5de1adc4c02b1f7b2f464830005443afc6624e85
window.google
#46 JavaScript::Eval (size: 12) - SHA256: 4ab4edee422a7a6e621718d1ae7180b13ba13f18c0ce3e7e3e26fd68e57e119c
class Foo {}
#47 JavaScript::Eval (size: 31) - SHA256: 043b61c407c6f51e3a4ee18efee76fac227501d805df309988fc1494ae0a30dc
performance.timing.connectStart
#48 JavaScript::Eval (size: 27) - SHA256: e94a47b072c1a87127e88c17e992124bcf93c5d0d6b4e96c73a909444a7cd0d6
window.mozRTCPeerConnection
#49 JavaScript::Eval (size: 14) - SHA256: 28d9693460ce57dd4e01742e50a1baa10cbed3fa6c20c2a69f02424f80fb9a2e
!(top == window)
#50 JavaScript::Eval (size: 20) - SHA256: 3688d7e88d248ea850c456f0233738d10695a410a3dec97785ca7422c3f562c1
document.innerHeight
#51 JavaScript::Eval (size: 41) - SHA256: af18ee7d06fe2ee2da28af260ea0c78923664ecbc220f3ce395c50b1822dab7a
window.performance.memory.jsHeapSizeLimit
#52 JavaScript::Eval (size: 50) - SHA256: 203d92af34680f7fe84b0047f738fae4e2d401f5d28af8d70f067dc77f5acb6a
window.external.getHostEnvironmentValue("os-sku");
#53 JavaScript::Eval (size: 17) - SHA256: 51c1083130407a8772738aa2380eb5a583240a47d98f2204b124c06fd11aabd5
top.frames.length
#54 JavaScript::Eval (size: 19) - SHA256: 63fd63a33ca43f07ce872672d604657ec0fbfbe24bec43f4b322c0f7a1c2ce25
document.hasFocus()
#55 JavaScript::Eval (size: 20) - SHA256: 1b0f9a28e673c21b9a668e2973157b075ac420eda7f39fd5727a77bb32b45ffe
navigator.appVersion
#56 JavaScript::Eval (size: 29) - SHA256: a9dc93ae3dc52ac584bff8e382bf1db1f87b8e3a54243eae8d1e3badb180e834
navigator.connection.downlink
#57 JavaScript::Eval (size: 22) - SHA256: c49e342522959187d587f89ed7dde961d8df29cec6b02dce869f4aa1ac3ef254
window.mozInnerScreenX
#58 JavaScript::Eval (size: 37) - SHA256: 998158f6df4183edd82539e6dc971d32f50bc7ee075f64d4abc46d3011a9da27
document.documentElement.clientHeight
#59 JavaScript::Eval (size: 13) - SHA256: 56e57af29d4af8b1fb7008dbfdf84a764970a6673f1f19165f1a8498ce903d93
screen.height
#60 JavaScript::Eval (size: 27) - SHA256: d411f352f2428265f0fc9f43b7429dafafad74f69cf4022cd51d9df23a67f157
performance.navigation.type
#61 JavaScript::Eval (size: 24) - SHA256: a097c9a52546fb53f0340afda7f34b4e47b836e551135e5ad0b5339ebb314a30
window.opener.outerWidth
#62 JavaScript::Eval (size: 6) - SHA256: 44ff7b02c80d38b26dd6aa31d9470aed81b32e10331a3c994fb1a9945fd847ba
window
#63 JavaScript::Eval (size: 11) - SHA256: 2c6631ee0cabea9afb499cec860aab5fcf40ed956651a0b0ea7b3411e1a31cd9
window.open
#64 JavaScript::Eval (size: 17) - SHA256: b4a3a83fe09d48db0c0b4416fefb19af5f9e069c12d2af8793a18f159574bb79
window.outerWidth
#65 JavaScript::Eval (size: 18) - SHA256: 64e360e85164e7675724c7fe1ed681b25a138c51d437bac5ff97e8910ccf2aa7
window.innerHeight
#66 JavaScript::Eval (size: 48) - SHA256: e7678fa8be4ae3ca69e517858903bb107391f9de7ae346a75288b81b57630269
Intl.DateTimeFormat().resolvedOptions().timeZone
#67 JavaScript::Eval (size: 9) - SHA256: ebf49dcd836f810084c14e0f2dab4dc1768bbdc5980481bf201fcf76771dff7a
navigator
#68 JavaScript::Eval (size: 25) - SHA256: 02665a4c106fc96e71ef5a17511cf353ec3f5cccb82ec9fce719b23967728897
typeof window.WebAssembly
#69 JavaScript::Eval (size: 25) - SHA256: 0098b3fb5f82abbebff8c293e42863b93e210b01f0032c4147fe1457f5b48a93
window.offscreenBuffering
#70 JavaScript::Eval (size: 17) - SHA256: c66ced51cafdeb3a9e3544b0b2e7de4c955a4cd347c4d7b5d74f36923df5a7bd
navigator.product
#71 JavaScript::Eval (size: 18) - SHA256: 793401a4baa2fb67b2049b633d5ebb8c25d2dc67d41071aabd7c180ddbdd2599
navigator.cpuClass
#72 JavaScript::Eval (size: 26) - SHA256: 2638f8c5d74932a6dfe72bc21a585ef3525f7e26bd3dbb1f480071141c325af1
navigator.msMaxTouchPoints
#73 JavaScript::Eval (size: 25) - SHA256: 329a9b85817fb7d3bb2492cbcb23f12b14cf9abd181473b838250e3b745fab50
navigator.connection.type
#74 JavaScript::Eval (size: 18) - SHA256: c1fcce173bd0b08415367c934d5db7c4ed130c7f83a485c91682873bff2954ee
screen.availHeight
#75 JavaScript::Eval (size: 17) - SHA256: 13871edf9ac7e58046d0f0d03811464e388c3f2323eebc6b61954c79dc883459
screen.deviceXDPI
#76 JavaScript::Eval (size: 22) - SHA256: 526c9d85cebcd21526a3b7ffdb87a9c2b6229e00b0bf210634abf6c84e0ad143
navigator.msDoNotTrack
#77 JavaScript::Eval (size: 30) - SHA256: b6a3c0492b8e7ae0ff680b4806058d22f740029707c1f7dda3cad6f985020ba3
(new Date).getTimezoneOffset()
#78 JavaScript::Eval (size: 22) - SHA256: 6e880572810251d722d33109fc0420864f46d69522d25a1df47338c553e38e07
window.isSecureContext
#79 JavaScript::Eval (size: 17) - SHA256: d204422e9d49293ab422bfabae9607635876cb30f77215f133603bac691f6f4b
document.location
#80 JavaScript::Eval (size: 27) - SHA256: bc9c06f981e7daa0478c449324d4010cdbc3c83c9a95879b99a0b531f5cabb87
window.navigator.standalone
#81 JavaScript::Eval (size: 19) - SHA256: 9b078b8e24e4655c21a5876570daac97f2ddc241bfdb259644582b6a7a60930b
navigator.userAgent
#82 JavaScript::Eval (size: 18) - SHA256: 318e5db431b7c9515f38ae97da21d7c4e75ec281aea96271c0d0f4e22b35df92
navigator.language
#83 JavaScript::Eval (size: 16) - SHA256: cd74e6a3b779a514972758fa195725f40176261af18fbcd246e5f401a3ecf849
screen.availLeft
#84 JavaScript::Eval (size: 17) - SHA256: e5ee82e31ec94cc385b3637227b4435f0547b3d0a4aa60cdda1d8fada4779df3
screen.availWidth
#85 JavaScript::Eval (size: 34) - SHA256: 3db042ba8dbf234b0ba7ed8b47e5c8cb58b267af983635a41652258f1e282c0c
window.ScriptEngineBuildVersion();
#86 JavaScript::Eval (size: 24) - SHA256: 89e4c05e12e12f5bdf85a4fb89bad572dd85256091add09fdb9c6e42e703e2bb
document.visibilityState
#87 JavaScript::Eval (size: 108) - SHA256: 8eab171b0d256cf386d222b71fbf5380f2051b67452dbd83f41401a6216a789c
!!document.fullscreen || !!document.mozFullscreen || !!document.webkitIsFullScreen || !!document.fullScreenElement
#88 JavaScript::Eval (size: 29) - SHA256: 876f3c9374f7069c7cabd0907ddad5466010a649a0f34984e5e2cc72f64878a5
navigator.hardwareConcurrency
#89 JavaScript::Eval (size: 22) - SHA256: 4b14cf9e41e192a741c1cb8ec58f13b0495941f984f312bec01ab28807fe99ab
navigator.deviceMemory
#90 JavaScript::Eval (size: 20) - SHA256: fc0d820f6f6693ccd6462b02714dcea358f75a12b72a7fe3f38e24168433f487
var bar = (x) => x + 1
#91 JavaScript::Eval (size: 11) - SHA256: c42b2a75055edd538c357b5923a7eca102ebf4e63f14d7d8b6fa2778d6b1cdd2
screen.left
#92 JavaScript::Eval (size: 17) - SHA256: 031688cb60b9631e34bc623cf81a9eeef73de67ca290d15cccfaa65399420932
screen.colorDepth
#93 JavaScript::Eval (size: 23) - SHA256: fac21d8a86a99b88e4eb395a35aa2970ffb8ffdac1b12280959be2c117e3a09c
window.devicePixelRatio
#94 JavaScript::Eval (size: 34) - SHA256: 9e0e45f2f824eefaed5af40bcadf2c0ce7943df52cda4c3d67ddb03583418dab
window.ScriptEngineMinorVersion();
#95 JavaScript::Eval (size: 12) - SHA256: 5191a526bd66a118a4a51956503fdcf4555cc92b48b9a426d04a7af25d3980e1
window.brave
#96 JavaScript::Eval (size: 46) - SHA256: 30f73e7f08c8e6a25fec00672f75fa725d3fa7a30bf847fb1dcb0115ec2f8607
Intl.DateTimeFormat().resolvedOptions().locale
#97 JavaScript::Eval (size: 30) - SHA256: c2ea2223b59cfea384b15228f4cdc0f7337d4909e20e97e2fa42648ef8ecf610
window.webkitRTCPeerConnection
#98 JavaScript::Eval (size: 17) - SHA256: 5c5bb18e544cb67f765d8a6d2c774838d3ae95df9b62f25660c64554a7302d8e
document.referrer
#99 JavaScript::Eval (size: 10) - SHA256: f73e4e03067983dd5196907f86c9020b174651f1bd0b5d291b217dc927ff068f
screen.top
#100 JavaScript::Eval (size: 15) - SHA256: 4f61f9e962c8c1d90b453b461dd9431c1d3a6a706e61ab5c2a9faf6a71aea93f
screen.availTop
#101 JavaScript::Eval (size: 25) - SHA256: 791b28f4c489619d78906b8af22fbc11b48c0576134d36470ef92468e47da29c
navigator.appMinorVersion
#102 JavaScript::Eval (size: 40) - SHA256: ba8f16658b19940e1168ca8394756fb18272a9ef95d5fb11442ba56601568687
performance.timing.secureConnectionStart
#103 JavaScript::Eval (size: 17) - SHA256: 9094a3d888951e5671f4b6dce42ef291cd071cb196d8761fef42c010ecf5b142
navigator.plugins
#104 JavaScript::Eval (size: 22) - SHA256: 28be88d787b6e773eaf5d0818a6c62446ce628dd8ec0659c6f78410588838337
window.toolbar.visible
#105 JavaScript::Eval (size: 19) - SHA256: c26c62a09a687d08a3ef9d9a960c5ae2ad47fecc853b4fb0380d71586d260a1b
window.opener == null
#106 JavaScript::Eval (size: 31) - SHA256: df3486f2ca74e18e1c81ba55663a8dd4e668e36fed82949b9cca595051bd5064
performance.timing.requestStart
#107 JavaScript::Eval (size: 21) - SHA256: 561f7f2574775993811ac7bc852a2054ede9fb58a62eb0804030e1ff877f4350
document.webkitHidden
#108 JavaScript::Eval (size: 22) - SHA256: 42c1dc825c7afb2edca4a8bca3f669784ae08b69226a5ec5044ee7600fccb397
window.mozInnerScreenY
#109 JavaScript::Eval (size: 59) - SHA256: f8aac102dc71390ed9b53b485b34d036f4c871e18d7015b307b95c8f1dcd9fa1
window.external.getHostEnvironmentValue("os-architecture");
#110 JavaScript::Eval (size: 20) - SHA256: a5e2bc908c3bd3196d273564d073484f9905d13817490eca5aa249e701139cdc
typeof window.chrome
#111 JavaScript::Eval (size: 47) - SHA256: 423946cdca01d4915fdc795bb03491ce4251b32ed1717a7c0146ce14c838d373
window.opener.screenX || window.opener.screenLeft
#112 JavaScript::Eval (size: 34) - SHA256: fa103a26e90f8e37ab2371d0dd320ca199c0ff194f4ded9cee3ccfa85c22f713
window.ScriptEngineMajorVersion();
#113 JavaScript::Eval (size: 29) - SHA256: d01a385e50e8e57c5f15bc18b82e1304ed42dcbe38967d66a30a786e39ed847b
performance.timing.connectEnd
#114 JavaScript::Eval (size: 32) - SHA256: 8d8003d5d1afbb2b7118b1f14afe89138588ed08982c3e8ff31dd4123e7cb076
performance.timing.responseStart
#115 JavaScript::Eval (size: 37) - SHA256: 6530649612f535f1adde48ecf8b5de0677e9b5d77db12eb3dfd90b79b363559e
HTMLCanvasElement.prototype.toDataURL
#116 JavaScript::Eval (size: 36) - SHA256: 436179ef4964c80a03e62015696ba10c5ae70602c6538d07f50b75f35bd72a27
document.documentElement.clientWidth
#117 JavaScript::Eval (size: 17) - SHA256: f8b516a2a0538b8599ab0452be3f3aa473cf3b0c510275d0a30565cefd564701
screen.pixelDepth
#118 JavaScript::Eval (size: 18) - SHA256: addd231a2f2807fb0b4ebdadd2bc23ae2a1cb93a92b07fa6e20ee9af832a8b47
navigator.platform
#119 JavaScript::Eval (size: 24) - SHA256: ebca0f427d949e5889ac01faf63de6370743bddd0169c9354c84bc47e3e8a0b1
window.opener.innerWidth
#120 JavaScript::Eval (size: 33) - SHA256: 0b543b4a53bd5beb9a294e018ea9a8c704e5487af1227121d60699a5ec715c5d
navigator.connection.effectieType
#121 JavaScript::Eval (size: 23) - SHA256: c5d184acbefde172c402f1100cb756d11e8a1c83484977f1d5975bc65a79a7c5
navigator.cookieEnabled
#122 JavaScript::Eval (size: 25) - SHA256: 11ae4500086472eb307c6d2459f0d1446b2cc02b1afda7925d800e2d49f1c9d1
window.opener.outerHeight
#123 JavaScript::Eval (size: 24) - SHA256: ae3766b014bf6a5b6452d14a9f1de103d584e98933db2577122c136bfb9eb0c6
navigator.connection.rtt
#124 JavaScript::Eval (size: 24) - SHA256: 15dde2f8fcb5a8a423088da92307a50f6ba6c59577490e49e2ae24a15c75c2bd
window.clientInformation
#125 JavaScript::Eval (size: 26) - SHA256: e5a13721b456c9e090f80944728fc91767f5ae01b01f59160e73ff2c7cacc587
window.locationbar.visible
#126 JavaScript::Eval (size: 21) - SHA256: 023250096bcba5a18a624685884b3126896db722289f3281cea8ec5cc63476e7
navigator.appCodeName
#127 JavaScript::Eval (size: 28) - SHA256: ef184af14e9e4c14bc286dcbd2a00161c209ce5cf6f9e30c4e7de6d929e9aa4d
typeof document.ontouchstart
#128 JavaScript::Eval (size: 755) - SHA256: 69626d83fade299d96e397490c0ec3852ad23f07d4492a44b6b13144d5133861
function wpHmrook(e) {
    if (('isTrusted' in e) && (e.isTrusted) && (!VAekKVU || !LJzKfs)) {
        VAekKVU = !0;
        LJzKfs = !0;
        document.removeEventListener('mousemove', wpHmrook, passiveSupported ? {
            passive: true
        } : false);
        was_click = true;
        if (navigator.userAgent.toLowerCase().match(/wv/i)) {
            createcxt();
        }
        czlcnnx = 'd5542145de9c0da3fc124978b855a449aa2f5fc8';
        qjEax = '1669851332';
        otPQpA = '92b3943ca1ccf76ae5b566f4026670b68bb4c29e';
    }
}
document.addEventListener('mousemove', wpHmrook, passiveSupported ? {
    passive: true
} : false);
#129 JavaScript::Eval (size: 17) - SHA256: 13e19bbb45d0bb1d1915240763b5bca4ddef99d01edd749954115168c7842c9c
navigator.buildID
#130 JavaScript::Eval (size: 16) - SHA256: d6b5ca1760fc8b29e007efc9c8d2cf7e8a2395825f6f77dada95483fc3171bdf
navigator.onLine
#131 JavaScript::Eval (size: 29) - SHA256: cb6f5b3573826ffd9a881e026fd85eb842d31266833666399582737149c5fc14
navigator.connection.saveData
#132 JavaScript::Eval (size: 29) - SHA256: 95b2bbef556b3dc3b807638cb7b08274af9b8998def0c82d81e3a1517100d68f
performance.timing.fetchStart
#133 JavaScript::Eval (size: 18) - SHA256: 17720ad70d18a072962c7509a9e8f79d6227be2728fb0e89dafb5a1edbc19f40
window.console.log
#134 JavaScript::Eval (size: 29) - SHA256: 9c27754d9297bf8d4022ded2628940ae5a837c7d7d130b197c3dc80627a453e2
HTMLElement.prototype.animate
#135 JavaScript::Eval (size: 21) - SHA256: 61e43d202b6cd0ebf29ac8014115fcb890eb5593c4160b9ae285206ca911bce6
window.history.length
#136 JavaScript::Eval (size: 17) - SHA256: b18f7c2e4dbfe2926b0413634f7cd6781be55e27b4b885dc68a8f740a80d72e1
window.innerWidth
#137 JavaScript::Eval (size: 16) - SHA256: d17194a96291e963420dd3361221101c8fdb7d8d382fc8993563576d3fd29dd6
navigator.vendor
#138 JavaScript::Eval (size: 24) - SHA256: 4b653dda0da63fbe970902ed9a8dc33f1f0555edd3d9f2ae1ad8ed9284632d72
navigator.maxTouchPoints
#139 JavaScript::Eval (size: 23) - SHA256: 76fae4cd7853897c738cd23148b2ebab825379d6ba153e245965183cc3304082
navigator.battery.level
#140 JavaScript::Eval (size: 36) - SHA256: a7dc60bd6993c201941ea0bfc5218f7fea0bc015ee5dc88e658db78d98f8d98a
performance.timing.domainLookupStart
#141 JavaScript::Eval (size: 24) - SHA256: 15eb7e222abfc64660d0f94c04053839498df20ea9ac9a13a201701a56ce3bf6
typeof window.chrome.csi
#142 JavaScript::Eval (size: 25) - SHA256: cfab5312f1cfff1e8162225ab27453306ff627f512bcf18225c0a305ca093e1c
window.scrollbars.visible
#143 JavaScript::Eval (size: 24) - SHA256: 893fe12669f916947d99616b788aa245f8b45c5b8b34544df4114a6a789217ab
navigator.systemLanguage

Executed Writes (0)


HTTP Transactions (138)


Request Response
                                        
                                            GET /hegre-helga/ HTTP/1.1 
Host: xxxfree.watch
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         172.67.223.192
HTTP/1.1 301 Moved Permanently
                                        
Date: Wed, 30 Nov 2022 23:35:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 01 Dec 2022 00:35:31 GMT
Location: https://xxxfree.watch/hegre-helga/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cuZ1eiE4qSdeqYJbyLBiBcKadehl1%2FXSgn0Tv0EwfLqtPTRf2TkGXlUt3CDoLK5DJ5GdvLrRrpO94dFGJOmtSKPnsAy4NMR4B5VasUKLF8qSe1p4J8N00PFDP0NZpnWq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77276665ed9cb500-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8233
Expires: Thu, 01 Dec 2022 01:52:44 GMT
Date: Wed, 30 Nov 2022 23:35:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3209
Cache-Control: max-age=128957
Date: Wed, 30 Nov 2022 23:35:31 GMT
Etag: "638730f7-1d7"
Expires: Fri, 02 Dec 2022 11:24:48 GMT
Last-Modified: Wed, 30 Nov 2022 10:31:19 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8860
Expires: Thu, 01 Dec 2022 02:03:11 GMT
Date: Wed, 30 Nov 2022 23:35:31 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 23:19:44 GMT
cache-control: public,max-age=3600
age: 947
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: ylE2KAYF6kkDcFONSShPIMiGAlr+jli63I0fqj4pRJmCzJRWAnSDCcyzUEJa/HGR0jpCyVdVOZs=
x-amz-request-id: KHS0KYK41008RVSF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 22:45:24 GMT
age: 3007
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Cache-Control: 'max-age=158059'
Date: Wed, 30 Nov 2022 23:35:31 GMT
Etag: "63879ea7-115"
Server: ECS (amb/6B7A)
Content-Length: 277

                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 30 Nov 2022 23:35:31 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Date: Wed, 30 Nov 2022 23:35:32 GMT
Etag: "63879ea7-115"
Last-Modified: Wed, 30 Nov 2022 23:35:31 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 277

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3221
Cache-Control: 'max-age=158059'
Date: Wed, 30 Nov 2022 23:35:32 GMT
Last-Modified: Wed, 30 Nov 2022 22:41:51 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /7.8.4/video.min.js?ver=7.8.4 HTTP/1.1 
Host: vjs.zencdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.194.217
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
last-modified: Wed, 08 Jul 2020 20:29:39 GMT
etag: "102cc1896541330762962b95fcb31f95"
cache-control: public, max-age=31536000
content-encoding: gzip
date: Wed, 30 Nov 2022 23:35:32 GMT
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 5
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 139307
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (45362)
Size:   139307
Md5:    62c1afff76ac7a673f537be0120a7ebd
Sha1:   97ddf6a072f381f59e098a7f93c1c4855edd0ec8
Sha256: 7770c06faeee3a1ce7c479c09bc2a1760100b1483945e1c5c4d2f788231ff142
                                        
                                            GET /7.8.4/video-js.css?ver=7.8.4 HTTP/1.1 
Host: vjs.zencdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         151.101.194.217
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
last-modified: Wed, 08 Jul 2020 20:29:36 GMT
etag: "397a94bb87dfd0a64ba4d3d502912e4a"
cache-control: public, max-age=31536000
content-encoding: gzip
date: Wed, 30 Nov 2022 23:35:32 GMT
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 3799
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 10738
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (5844)
Size:   10738
Md5:    9f703c1d1b064f5e72d8dba3484e868f
Sha1:   008cc8c438c57c51cc20bb4cb3e6452a287aaa8f
Sha256: a1a9f6ebf0e40976737eeb1b6c544d462e5e444fcc8f59ab044833e2737c05e0
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 23:35:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   1018
Md5:    36eff96460e1e52491cb52f014b3a66d
Sha1:   2556bcee1f2a4d029aa8a2beed36d2e95211df64
Sha256: 572fbb4eec51b10db724c146e22a5265942a6c6757af9ac9808cc59f2da2df11
                                        
                                            GET /gtag/js?id=UA-62001516-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 30 Nov 2022 23:35:32 GMT
expires: Wed, 30 Nov 2022 23:35:32 GMT
cache-control: private, max-age=900
last-modified: Wed, 30 Nov 2022 22:37:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43545
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1921)
Size:   43545
Md5:    9cb4e978b5fcb7436c8ff8f7e530f31f
Sha1:   6b93433f334cb3c1024994ecfce90f2823fe0329
Sha256: f904ecbed7ae3b318edd0ee816517436b0705eac2e7acd124468756d77192b26
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 23:35:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /splash.php?native-settings=1&idzone=4713906&cookieconsent=true&&p=https%3A%2F%2Fxxxfree.watch%2Fhegre-helga%2F HTTP/1.1 
Host: syndication.realsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         95.211.229.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 30 Nov 2022 23:35:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://xxxfree.watch
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226387e8c4897b80.02298939400076985%22%3B%7D; expires=Fri, 29 Nov 2024 23:35:32 GMT; path=; domain=.realsrv.com; Secure; SameSite=none impressions=cmmsxrbonxgxaalsbbboageicmmsxaeenxgxaalsmleergeimacslbecnxgxaaabssxamgeislsaroornxgxaalrmxecrgeicxbmsbxcnxgxaalbcarllgeioslmrxlrnxgxaalmmeabageiccmmlmlcnxgxaalmaeerageialbsereanxgxaalrollmegeioslmrxbrnxgxaalbrxssogeicxbmsbcenxgxaalboamcogeioslmrxlsnxgxaalmbbxcbgeicxbmsbocnxgxaalbcxbsageicxbmsboenxgxaalbrxssogeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaablbccmbgeiccmmlleanxgxaalrollmegeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaalccxmexgeimacslbeenxgxaaboslelageioslmroemnxgxaalbcxbsageioslmrxbmnxgxaalbcarllgeicaxsscmbnxgxaalmlsmmcgeicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaalbrxssogeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaalrcerllgeimcclsoeonxgxaamxaacblgeimacslbeonxgxaaloesaslgeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaalmrsecmgeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaalbexcrageimcclsxlcnxgxaamrscxmxgeimaecseranxgxaabrlemaegeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaalbxrlcegeicaormbmbnxgxaalrexasogeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaalmaeerageimcclsxconxgxaalmlsmmcgeimcclsxmenxgxaalmbbxcbgeialbserxonxgxaalbcxbsageimccloscenxgxaalmlsmmcgeimcclsxxonxgxaalrcerllgeimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaaloarmmlgeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaalbxbllogeimacslbeanxgxaablxaelxgeialbserecnxgxaalssbrcxgeiccmmllecnxgxaalbcxbsageisaeeasslnxgxaabrbeccogeimcclossanxgxaabrlemaegeimcclsxronxgxaalraseexgeimaecseabnxgxaabrlemaegeimrblelrcnxgxaabrlemaegeimrblxemonxgxaabrlemaegeimcclsxcanxgxaalrlccrxgeimaecsxoonxgxaabmalbxxgeircsxcxscnxgxaabbxeomsgeicaormbbenxgxaalexxbcxgeiabeocmconxgxaablxrcmmgeimcclsxxcnxgxaalesmxrsgeimrblxeeanxgxaablsaloageimaecsemanxgxaalmmeabageimaecselonxgxaaloaroaageimcclsxacnxgxaalmeeamageimcclselenxgxaalmmeabageimaecsxronxgxaalxmmoorgeimaecsxsenxgxaalxmmoorgeimaecsercnxgxaalxmmoorgeimaecsembnxgxaalxmmoorgeimaecselenxgxaalxmmoorgeimaecobobnxgxaalsmleergeimaecomoanxgxaalsbbboageimrblxxoenxgxaalsbmacmgeimaecobsbnxgxaalsbbboageimrblxosonxgxaalsbbboageimcclsxmanxgxaalmeeamageimaecsxccnxgxaalmeeamageimrblxeecnxgxaalmeeamageimrblelronxgxaalmeeamageimrblelmonxgxaalmeeamageimxcbrxcenxgxaalmabebogxcceimxlbmoobnogxaalmabebogxcceicloaxxabnxgxaalmabaxagxcceicloaxxaanxgxaalmabaxagxcceimclsaoxbncgxaalmmeabagxcceimaecseacnxgxaalmmeabageimaecsxxcnxgxaalmmeabageimcssmlrcnsgxaalmmeabagxcceimraeelabnxgxaalmmeabagxcceimxlbalcenogxaalmmelobgxcceimmxsrbmensgxaalmmoborgxcceimmxsrbabnsgxaalmmoboagxcceimaxecobenogxaalmmccoxgxcceimxlbmxlcnogxaalmmrmlegxcceimxlbmxlenogxaalmmrmlxgxcceimmosssconsgxaalmmbxalgxcceimxxerrecnxgxaalmbxslogxcceimrxccosoncgxaalmbxslogxcceimxxrecsanxgxaalmbsmsbgxcceimxlbmosonogxaalmbcbelgxcceimcoaxmxcncgxaalmbcbxegxcceimasbmxconxgxaalmbacaogxcceimasbmxsbnxgxaalmbamamgxcceimxcbrxmbnsgxaalmbmorogxcceimcoaxmxoncgxaalmbbeblgxcceicloaxxmonxgxaalmbbeblgxcceicloaxxacnxgxaalmbbelagxcceimcssmlronsgxaalmbbxcbgxcceimrxccosancgxaalmbbxcbgxcceicloaecoanxgxaalmbbxbbgxcceicloaxxmenxgxaalmbbxbbgxcceialbbxexenxgxaalmbbxbbgxcceimxcbrxlonogxaalmlembogxcceimeembescnsgxaalmlsmmcgxcceimmoabamenagxaalmlsmmcgxcceialcaercenxgxaalmlcllagxcceialxosmbanxgxaalmlcllagxcceialbbebsbnxgxaalmlcllagxcceimraeelaanxgxaalmlcllagxcceimemlxmcbnxgxaalmlcllagxcceirrmlllronogxaalmlcllagxcceimasbmxsanxgxaalmlmbrlgxcceircmbbroanxgxaalbexcragxcceimxxerrxenxgxaalbexcragxcceimmoabamcnmgxaalbealcagxcceimrmoemsensgxaalbealcmgxcceialrexeoonogxaalbelxxxgxcceixaoossalnxgxaalbelxxxgxcceimeembecenxgxaalbelxxxgxcceimxlbmosensgxaalbxsbsegxcceimxlbmoscnrgxaalbxsbsegxcceimxlbmosansgxaalbxsbsegxcceimclxlloanxgxaalbxsbrlgxcceixaoosscrnrgxaalbxsbbcgxcceimmxsrbaonsgxaalbxsbbcgxcceicmarxbbonsgxaalbxsbbcgxcceimmxsrbaansgxaalbxsbbcgxcceimmxcxslenxgxaalbxslsxgxcceimaoobbebnxgxaalbxcsmmgxcceiallxlmxbnxgxaalbxrlcegxcceicaormbmanxgxaalbxrlcegeimcrxeosbnxgxaalbxrlcxgxcceimcrxeoccnxgxaalbxrlcxgxcceimxlbalscnogxaalbxbllogxcceimaooloranxgxaalbxbllogxcceimexlaeoonxgxaalbxlblcgxcceialbbebsanogxaalboobaogxcceimxlbmoconogxaalboclmlgxcceimrxccoscncgxaalboarergxcceimxcbrxronxgxaalboaamrgxcceialbbebrenxgxaalboaamrgxcceialbmbrmcnxgxaalboaamrgxcceimxcbrxscnxgxaalboaamrgxcceirreacmsbnxgxaalboamcogxcceimxxerrebnxgxaalboamcogxcceiaaxcambbncgxaalboamcogxcceimaoobrbanagxaalbsbboagxcceimaoobrbcnmgxaalbsbboagxcceimmsxrlaanxgxaalbsbboagxcceimeembesonxgxaalbsbboagxcceimcssmlrensgxaalbsbboagxcceimxlbmxlonogxaalbsbboagxcceimsacexoonxgxaalbsbboagxcceimxlbmxbbnogxaalbsbboagxcceimxlbalsbnogxaalbsbboagxcceimmsxrlmonxgxaalbcelorgxcceimmsxrlabnxgxaalbcelorgxcceimxcbrxabnxgxaalbcxamrgxcceimxxerreanxgxaalbcxamrgxcceiceecmorsnxgxaalbcxammgxcceimrlsemaenxgxaalbcxammgxcceimxeoxsacncgxaalbcxbsagxcceimxcbrxlcnogxaalbccsoxgxcceimmsxrlmenxgxaalbcacbagxcceimemlxbocnxgxaalbcarllgxcceimxcbrxsenxgxaalbcarllgxcceimrmaobxanogxaalbcaaeegxcceimrxccosenxgxaalbcmascgxcceimmsxarcbnxgxaalbcmasrgxcceimxcbrxaonxgxaalbcmaregxcceimellbosonxgxaalbcmaregxcceimmossscenxgxaalbreabsgxcceimxeemblenxgxaalbreabsgxcceimmooobrcnxgxaalbremcogxcce; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C74492346%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C71021364%7C110382%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C41873820%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (7875), with no line terminators
Size:   4189
Md5:    0894f760619acd7037818af63e658891
Sha1:   bad7e084600085b2e4b74ff04ba991a489362267
Sha256: b29626eec33ab57f813e08aa49e0616e5d226310658cd6eaa525362c2b38dc01
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Cache-Control: max-age=110960
Date: Wed, 30 Nov 2022 23:35:32 GMT
Etag: "6386f734-118"
Expires: Fri, 02 Dec 2022 06:24:52 GMT
Last-Modified: Wed, 30 Nov 2022 06:24:52 GMT
Server: nginx
Content-Length: 280

                                        
                                            GET /splash.php?native-settings=1&idzone=4673694&cookieconsent=true&&p=https%3A%2F%2Fxxxfree.watch%2Fhegre-helga%2F HTTP/1.1 
Host: syndication.realsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         95.211.229.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 30 Nov 2022 23:35:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://xxxfree.watch
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c48271b1.978197352578307392%22%3B%7D; expires=Fri, 29 Nov 2024 23:35:32 GMT; path=; domain=.realsrv.com; Secure; SameSite=none impressions=cmmsxrbonxgxaalsbbboageicmmsxaeenxgxaalsmleergeimacslbecnxgxaaabssxamgeislsaroornxgxaalrmxecrgeicxbmsbxcnxgxaalbcarllgeioslmrxlrnxgxaalbrxssogeiccmmlmlcnxgxaalmaeerageialbsereanxgxaalrollmegeioslmrxbrnxgxaalboaamrgeicxbmsbcenxgxaalbrxssogeioslmrxlsnxgxaalmbbxcbgeicxbmsbocnxgxaalbcxbsageicxbmsboenxgxaalalmsbrgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaablbccmbgeiccmmlleanxgxaalrollmegeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaalccxmexgeimacslbeenxgxaaboslelageioslmroemnxgxaalbcxbsageioslmrxbmnxgxaalbcarllgeicaxsscmbnxgxaalmlsmmcgeicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaalbrxssogeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaalrcerllgeimcclsoeonxgxaamxaacblgeimacslbeonxgxaaloesaslgeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaalmrsecmgeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaalbexcrageimcclsxlcnxgxaamrscxmxgeimaecseranxgxaabrlemaegeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaalbxrlcegeicaormbmbnxgxaalrexasogeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaalmaeerageimcclsxconxgxaalbrxssogeimcclsxmenxgxaalmbbxcbgeialbserxonxgxaalbcxbsageimccloscenxgxaalmlsmmcgeimcclsxxonxgxaalrcerllgeimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaalbrxssogeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaalbxbllogeimacslbeanxgxaablxaelxgeialbserecnxgxaalssbrcxgeiccmmllecnxgxaalbcxbsageisaeeasslnxgxaabrbeccogeimcclossanxgxaabrlemaegeimcclsxronxgxaalraseexgeimaecseabnxgxaabrlemaegeimrblelrcnxgxaabrlemaegeimrblxemonxgxaabrlemaegeimcclsxcanxgxaalrlccrxgeimaecsxoonxgxaabmalbxxgeircsxcxscnxgxaabbxeomsgeicaormbbenxgxaalexxbcxgeiabeocmconxgxaablxrcmmgeimcclsxxcnxgxaalesmxrsgeimrblxeeanxgxaablsaloageimaecsemanxgxaalmmeabageimaecselonxgxaaloaroaageimcclsxacnxgxaalmeeamageimcclselenxgxaalbrxssogeimaecsxronxgxaalxmmoorgeimaecsxsenxgxaalxmmoorgeimaecsercnxgxaalxmmoorgeimaecsembnxgxaalxmmoorgeimaecselenxgxaalxmmoorgeimaecobobnxgxaalsmleergeimaecomoanxgxaalsbbboageimrblxxoenxgxaalsbmacmgeimaecobsbnxgxaalsbbboageimrblxosonxgxaalsbbboageimcclsxmanxgxaalmeeamageimaecsxccnxgxaalmeeamageimrblxeecnxgxaalmeeamageimrblelronxgxaalmeeamageimrblelmonxgxaalmeeamageimxcbrxcenxgxaalmabebogxcceimxlbmoobnogxaalmabebogxcceicloaxxabnxgxaalmabaxagxcceicloaxxaanxgxaalmabaxagxcceimclsaoxbncgxaalmmeabagxcceimaecseacnxgxaalmmeabageimaecsxxcnxgxaalmmeabageimcssmlrcnsgxaalmmeabagxcceimraeelabnxgxaalmmeabagxcceimxlbalcenogxaalmmelobgxcceimmxsrbmensgxaalmmoborgxcceimmxsrbabnsgxaalmmoboagxcceimaxecobenogxaalmmccoxgxcceimxlbmxlcnogxaalmmrmlegxcceimxlbmxlenogxaalmmrmlxgxcceimmosssconsgxaalmmbxalgxcceimxxerrecnxgxaalmbxslogxcceimrxccosoncgxaalmbxslogxcceimxxrecsanxgxaalmbsmsbgxcceimxlbmosonogxaalmbcbelgxcceimcoaxmxcncgxaalmbcbxegxcceimasbmxconxgxaalmbacaogxcceimasbmxsbnxgxaalmbamamgxcceimxcbrxmbnsgxaalmbmorogxcceimcoaxmxoncgxaalmbbeblgxcceicloaxxmonxgxaalmbbeblgxcceicloaxxacnxgxaalmbbelagxcceimcssmlronsgxaalmbbxcbgxcceimrxccosancgxaalmbbxcbgxcceicloaecoanxgxaalmbbxbbgxcceicloaxxmenxgxaalmbbxbbgxcceialbbxexenxgxaalmbbxbbgxcceimxcbrxlonogxaalmlembogxcceimeembescnsgxaalmlsmmcgxcceimmoabamenagxaalmlsmmcgxcceialcaercenxgxaalmlcllagxcceialxosmbanxgxaalmlcllagxcceialbbebsbnxgxaalmlcllagxcceimraeelaanxgxaalmlcllagxcceimemlxmcbnxgxaalmlcllagxcceirrmlllronogxaalmlcllagxcceimasbmxsanxgxaalmlmbrlgxcceircmbbroanxgxaalbexcragxcceimxxerrxenxgxaalbexcragxcceimmoabamcnmgxaalbealcagxcceimrmoemsensgxaalbealcmgxcceialrexeoonogxaalbelxxxgxcceixaoossalnxgxaalbelxxxgxcceimeembecenxgxaalbelxxxgxcceimxlbmosensgxaalbxsbsegxcceimxlbmoscnrgxaalbxsbsegxcceimxlbmosansgxaalbxsbsegxcceimclxlloanxgxaalbxsbrlgxcceixaoosscrnrgxaalbxsbbcgxcceimmxsrbaonsgxaalbxsbbcgxcceicmarxbbonsgxaalbxsbbcgxcceimmxsrbaansgxaalbxsbbcgxcceimmxcxslenxgxaalbxslsxgxcceimaoobbebnxgxaalbxcsmmgxcceiallxlmxbnxgxaalbxrlcegxcceicaormbmanxgxaalbxrlcegeimcrxeosbnxgxaalbxrlcxgxcceimcrxeoccnxgxaalbxrlcxgxcceimxlbalscnogxaalbxbllogxcceimaooloranxgxaalbxbllogxcceimexlaeoonxgxaalbxlblcgxcceialbbebsanogxaalboobaogxcceimxlbmoconogxaalboclmlgxcceimrxccoscncgxaalboarergxcceimxcbrxronxgxaalboaamrgxcceialbbebrenxgxaalboaamrgxcceialbmbrmcnxgxaalboaamrgxcceimxcbrxscnxgxaalboaamrgxcceirreacmsbnxgxaalboamcogxcceimxxerrebnxgxaalboamcogxcceiaaxcambbncgxaalboamcogxcceimaoobrbanagxaalbsbboagxcceimaoobrbcnmgxaalbsbboagxcceimmsxrlaanxgxaalbsbboagxcceimeembesonxgxaalbsbboagxcceimcssmlrensgxaalbsbboagxcceimxlbmxlonogxaalbsbboagxcceimsacexoonxgxaalbsbboagxcceimxlbmxbbnogxaalbsbboagxcceimxlbalsbnogxaalbsbboagxcceimmsxrlmonxgxaalbcelorgxcceimmsxrlabnxgxaalbcelorgxcceimxcbrxabnxgxaalbcxamrgxcceimxxerreanxgxaalbcxamrgxcceiceecmorsnxgxaalbcxammgxcceimrlsemaenxgxaalbcxammgxcceimxeoxsacnsgxaalbcxbsagxcceimxcbrxlcnogxaalbccsoxgxcceimmsxrlmenxgxaalbcacbagxcceimemlxbocnxgxaalbcarllgxcceimxcbrxsenxgxaalbcarllgxcceimrmaobxanogxaalbcaaeegxcceimrxccosenxgxaalbcmascgxcceimmsxarcbnxgxaalbcmasrgxcceimxcbrxaonxgxaalbcmaregxcceimellbosonxgxaalbcmaregxcceimmossscenogxaalbreabsgxcceimxeemblenxgxaalbreabsgxcceimmooobrcnxgxaalbremcogxcceimaecsxocnxgxaalbrxssoge; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C23975195%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C77233340%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C74492346%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C74493162%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C74493090%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C41873840%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C74493142%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C76043124%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (13461), with no line terminators
Size:   6612
Md5:    b559421edf261a5aab9b6fd77b426f4a
Sha1:   5b3b299eaf53cba3af5ec8b0b3409d366e349504
Sha256: 2bc477b8748ae1787b1f64d06687e28170ce5a6a14028fd9956361d910db8993
                                        
                                            GET /carto.min.js HTTP/1.1 
Host: www.cdn4ads.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         185.76.9.14
HTTP/2 200 OK
content-type: application/x-javascript
                                        
date: Wed, 30 Nov 2022 23:35:32 GMT
alt-svc: quic="185.76.9.13:443"; ma=2592000; v="44,43,39"
expires: Fri, 02 Dec 2022 21:02:35 GMT
access-control-allow-origin: *
link: <https://cdn4ads.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-accel-expires: @1670014955
server: CDN77-Turbo
x-77-nzt: AblMCQ1+jhH/WbsGAA
x-77-nzt-ray: c0a4cc2879e76919c4e8876359a6921d
x-cache: HIT
x-age: 441177
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (1568), with CRLF line terminators
Size:   13411
Md5:    5936b1b8d3ba0cd74eb3a429bbec9e50
Sha1:   03bef30cc2f0dd0534a7c0e17a8736132c729351
Sha256: 0391e3294c2a5715c6323e5b45a1290100b355cbcb8c2a4c9a5a01c8be0f0ae4
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=110960
Date: Wed, 30 Nov 2022 23:35:32 GMT
Etag: "6386f734-118"
Expires: Fri, 02 Dec 2022 06:24:52 GMT
Last-Modified: Wed, 30 Nov 2022 06:24:52 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 23:08:56 GMT
cache-control: public,max-age=3600
age: 1596
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3210
Cache-Control: max-age=123889
Date: Wed, 30 Nov 2022 23:35:32 GMT
Etag: "63871d2b-1d7"
Expires: Fri, 02 Dec 2022 10:00:21 GMT
Last-Modified: Wed, 30 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /v1/api.php HTTP/1.1 
Host: syndication.realsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 312
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

search
                                         95.211.229.247
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Server: nginx
Date: Wed, 30 Nov 2022 23:35:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1519), with no line terminators
Size:   1119
Md5:    894992fc594030eee0e1ff9e36c72188
Sha1:   7e039e17f92a51627d878ff3ba1c058724dbc1a4
Sha256: b22b6a2f158e04559c5bd5a9cafb7ee1e8676823e3ea433e70707cf48b03aca5
                                        
                                            POST /v1/api.php HTTP/1.1 
Host: syndication.realsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 312
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

search
                                         95.211.229.247
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Server: nginx
Date: Wed, 30 Nov 2022 23:35:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1518), with no line terminators
Size:   1116
Md5:    bc7db41f542127dad41160d1de2220db
Sha1:   e7cb70de63b4b88616d823e8e25dd959a92cff8d
Sha256: 4563ea533cdbd7ce35d6f37ff6e32a47ba1f6a447c067ec33094311fc4fc7a5f
                                        
                                            GET /progressbar.js@1.1.0/dist/progressbar.min.js HTTP/1.1 
Host: unpkg.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.16.125.175
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 30 Nov 2022 23:35:32 GMT
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7315-VGu3QlAvqjb4wruVTC8CgYdmBAQ"
via: 1.1 fly.io
fly-request-id: 01F3YGTHVETVB9B7TG2TW5GR8F
cf-cache-status: HIT
age: 19162096
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7727666e4cd50b55-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (29325)
Size:   9107
Md5:    b72f4130650701a4490355cbf62418c5
Sha1:   87812bd40646ce89f298a439e294a3fc5041ede1
Sha256: 60546e09b1ca3a9172cda0388836ca4106d7f63fe2a92776d36b60fdd1269f5c
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 344
ETag: "358954CF4E2932BCF63503975356B3242711E4F8607751E36A8475D4E22FA7C3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3817
Expires: Thu, 01 Dec 2022 00:39:09 GMT
Date: Wed, 30 Nov 2022 23:35:32 GMT
Connection: keep-alive

                                        
                                            POST /v1/api.php HTTP/1.1 
Host: syndication.realsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 312
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

search
                                         95.211.229.247
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Server: nginx
Date: Wed, 30 Nov 2022 23:35:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1524), with no line terminators
Size:   1126
Md5:    8e2a940cda6897812f09bca3e432cc15
Sha1:   c9ae86c126a5ab842acf11c3d16bdfdf0f2c7b37
Sha256: dce2740b579423e03bf5fb3f7d8412630a6611ca035c94ea864febdee86adbc9
                                        
                                            GET /js/js.load.1.js?2890546494633759 HTTP/1.1 
Host: commentsengine.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.67.190.246
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Wed, 30 Nov 2022 23:35:32 GMT
content-length: 0
last-modified: Thu, 14 Apr 2022 12:20:52 GMT
etag: "625811a4-0"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 15300657
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eCwjSCIrDOme749D9qvZ1%2Fh9tlMtr%2B9DkES%2B%2BvtK6iaQIJ%2F6tR5kzlew0cYuqEEZGE7vvWn6vQDMtsZF3h6vRANU8Tg1Hts%2BJESW0uDqP8pBMlcOrOCAk3HvBc1PUMDQn0jlOnE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7727666f0cefb51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6016
Cache-Control: 'max-age=158059'
Date: Wed, 30 Nov 2022 23:35:33 GMT
Last-Modified: Wed, 30 Nov 2022 21:55:17 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET / HTTP/1.1 
Host: 6.adsco.re
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         104.17.167.186
HTTP/2 200 OK
content-type: text/plain;charset=UTF-8
                                        
date: Wed, 30 Nov 2022 23:35:33 GMT
content-length: 0
access-control-allow-origin: https://xxxfree.watch
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7727666f890bb50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            GET / HTTP/1.1 
Host: 4.adsco.re
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         162.252.214.5
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 30 Nov 2022 23:35:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://xxxfree.watch
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   62
Md5:    adde5febc7b5b6c2c759ec735cce83a0
Sha1:   77ec17be8a9970ff04663294d41c590d0d24fde4
Sha256: ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NuhfSnt2dnr/AWg1EwqGqQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.191.251.76
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4E4oOrICS7kmym1HT52Oo4czkNA=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D4C72521FE1B119A37D1CEBFEE005AE39101A01ECBD10D14AD6383958DD3C1B8"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2134
Expires: Thu, 01 Dec 2022 00:11:07 GMT
Date: Wed, 30 Nov 2022 23:35:33 GMT
Connection: keep-alive

                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.110
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 30 Nov 2022 22:41:08 GMT
expires: Thu, 01 Dec 2022 00:41:08 GMT
cache-control: public, max-age=7200
age: 3265
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "815B297511094288F745F230C7F3CB097F8F823C9CF67DE63713AECEAF98D356"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3495
Expires: Thu, 01 Dec 2022 00:33:48 GMT
Date: Wed, 30 Nov 2022 23:35:33 GMT
Connection: keep-alive

                                        
                                            GET /js15_as.js HTTP/1.1 
Host: s10.histats.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         46.105.201.240
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
date: Wed, 30 Nov 2022 23:30:44 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 122193733
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (11440), with no line terminators
Size:   4364
Md5:    ed192092c129db6123a3397855f42619
Sha1:   067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
Sha256: 998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
                                        
                                            POST / HTTP/1.1 
Host: zlxelxifssxm.n4.adsco.re
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         38.132.109.186
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Wed, 30 Nov 2022 23:35:33 GMT
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
Connection: close
ETag: "5b5f2f9a-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F9CED62D1556A244DDAFDE4BFC67DDF4E815BDF7096AA2470DF48F11D5DC3ECF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12859
Expires: Thu, 01 Dec 2022 03:09:52 GMT
Date: Wed, 30 Nov 2022 23:35:33 GMT
Connection: keep-alive

                                        
                                            GET /f.php?sid=212040 HTTP/1.1 
Host: testingmetriksbre.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.26.1.119
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Wed, 30 Nov 2022 23:35:33 GMT
x-powered-by: PHP/7.1.33
cache-control: no-store, no-cache, must-revalidate, max-age=0
x-robots-tag: noindex
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IAsO%2F3nAeHzigeVb%2F%2FspVScIEkP5UYFfSGI9CC0KCmfNwN2hnC2OZV%2FJwrjsbVMe7pN91sKjUxs7NiNzJPkLSKLGAWAAsngLiMU%2BDXXi0XKMHiRavYe%2BFNTwoVbHtyMJN6DPbD5z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772766713a30b518-OSL
content-encoding: br
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "9D7E02CD4EFEABAB4225D9A9F52DDA11BBE5AD691DEE225306D99FC1912C4AAD"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11554
Expires: Thu, 01 Dec 2022 02:48:07 GMT
Date: Wed, 30 Nov 2022 23:35:33 GMT
Connection: keep-alive

                                        
                                            GET /a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js HTTP/1.1 
Host: alleviatepracticableaddicted.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.36
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.19.5
Date: Wed, 30 Nov 2022 23:35:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 49822dc7b9ec5a0dc2d490e18fc8b97d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (32142), with no line terminators
Size:   10763
Md5:    95632ca968ab5922efd53e417d77799b
Sha1:   07bb082c849064cada1120205dbb45c9cb870913
Sha256: f70df574952baba8f626726e78f9ef75fa7b0b9cf04eea9a27193a436faf17b1

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /wp-content/uploads/2019/03/logo2015-1-1.png HTTP/1.1 
Host: watchxxxfree.xyz
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.67.193.121
HTTP/2 301 Moved Permanently
                                        
date: Wed, 30 Nov 2022 23:35:33 GMT
location: https://xxxfree.watch/wp-content/uploads/2019/03/logo2015-1-1.png
cache-control: max-age=3600
expires: Thu, 01 Dec 2022 00:35:33 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BPtvNB7GWkkTA6qSqtsRJ5%2BOYHpebDEN4DGrRfxQKtPOrbDqz1v8qTfPOfzB2Uw%2Bvdnaox6%2B3%2BNW%2BClWSx6uOkxqNJyI2EZ%2FL46TDSvZ%2BDWy9YuP%2FaEQz8MTdLEwCyvDnq1D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77276671cf81b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   49
Md5:    61ac9c1734b5ac58643d2df0bef94012
Sha1:   61f06e81a3ac798f58ff3c3f72085ad8095a515d
Sha256: db2561afcd26524ef38179074fa31a09157f17ac7954ad692f703290a2113964
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19876
Expires: Thu, 01 Dec 2022 05:06:49 GMT
Date: Wed, 30 Nov 2022 23:35:33 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.156
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=139677
Date: Wed, 30 Nov 2022 23:35:34 GMT
Etag: "63875b15-1d7"
Expires: Fri, 02 Dec 2022 14:23:31 GMT
Last-Modified: Wed, 30 Nov 2022 13:31:01 GMT
Server: ECS (nyb/1D32)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 9YAJsGs-YLJ-H6MhxN4Z_f8WXyP3-19fUVz9Wk-aUluexMU9Pu8D0g==
Age: 3150

                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         52.28.211.11
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Wed, 30 Nov 2022 23:35:34 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: https://woffxxx.com
access-control-allow-credentials: true
set-cookie: uid_id2=aaffba01-f6ea-42c9-886c-9f92d1f9a13d:3:1; expires=Sat, 27 Nov 2032 23:35:34 GMT; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    80f0c8c79a0045ca91c929fe6f293e99
Sha1:   dd7b35f484aa39faa2f81c4c8992beb302e00f6a
Sha256: 2ac2802fc7912ca253525841027ef9387614482f5f5d98a0296e753ba0837b84
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19875
Expires: Thu, 01 Dec 2022 05:06:49 GMT
Date: Wed, 30 Nov 2022 23:35:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: zlxelxifssxm.s4.adsco.re
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.200.116.90
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Wed, 30 Nov 2022 23:35:34 GMT
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "07FC624D6EAD4553D247852BAF85D3D308386BBDD58948E3DCBCC5835A9274F7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2932
Expires: Thu, 01 Dec 2022 00:24:26 GMT
Date: Wed, 30 Nov 2022 23:35:34 GMT
Connection: keep-alive

                                        
                                            GET /0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js HTTP/1.1 
Host: parkingridiculous.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.61.227
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 23:35:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e3789fefd65f74886045aa9868f249fe
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size:   28781
Md5:    78ad79eeed3aa4a74fae1b622e6d510a
Sha1:   e2c9b8f52c5aa92fbb3a69bad43ac84bb5028404
Sha256: b19cd1c430a15c42acb9c2bb777275ddd30d121286fd2006463818f1c3b348c8

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17820
Expires: Thu, 01 Dec 2022 04:32:34 GMT
Date: Wed, 30 Nov 2022 23:35:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17820
Expires: Thu, 01 Dec 2022 04:32:34 GMT
Date: Wed, 30 Nov 2022 23:35:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17820
Expires: Thu, 01 Dec 2022 04:32:34 GMT
Date: Wed, 30 Nov 2022 23:35:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3768
Expires: Thu, 01 Dec 2022 00:38:22 GMT
Date: Wed, 30 Nov 2022 23:35:34 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17820
Expires: Thu, 01 Dec 2022 04:32:34 GMT
Date: Wed, 30 Nov 2022 23:35:34 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c95c82f-93f9-4783-a6c2-2c737a51d52c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12655
x-amzn-requestid: beeeccd0-a494-4d0c-91e9-0d1e2ab37b6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb0YoFmMIAMFT4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cdd0-60f5e2286cf3965a42ab31b9;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:40:32 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CiGOvF7Lmz8cICQcjUcE6QGokbAIAd3WClI4PK_aDSxo-yHVcPPA7w==
via: 1.1 49cdeca097624936e070b73619df7da8.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:45:29 GMT
age: 6605
etag: "06b395b4fbad5ad9c9fb6a4fb24c1eee607aa8ac"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12655
Md5:    1039182464db1365a476dd88029b97d8
Sha1:   06b395b4fbad5ad9c9fb6a4fb24c1eee607aa8ac
Sha256: 2e081da1464a18d755a841558f63303634a9e22df888c9c43246565abfc3d48d
                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Cookie: uid_id2=aaffba01-f6ea-42c9-886c-9f92d1f9a13d:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         52.28.211.11
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Wed, 30 Nov 2022 23:35:34 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: https://woffxxx.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    80f0c8c79a0045ca91c929fe6f293e99
Sha1:   dd7b35f484aa39faa2f81c4c8992beb302e00f6a
Sha256: 2ac2802fc7912ca253525841027ef9387614482f5f5d98a0296e753ba0837b84
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12035
x-amzn-requestid: eef7d417-c6ca-4e3f-ac00-1425f3d5c4a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb0TSGHDIAMF_jA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cdae-467c79a805dfb5622687f628;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:39:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: haFJ2LZecbT4HRbkvcaZxR4SAIx5cGxNyghKiDOJVX6xDkPwzc2wNQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:45:34 GMT
age: 6600
etag: "cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12035
Md5:    acffcb88ce68b2d70c9c046a7b5a4aa8
Sha1:   cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1
Sha256: 692d782ac1d812de6dadbcfe46034b6b5d8bbd586e56beedd96dc4d65445dd4c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9768b9bd-d7a9-4426-a5b2-ea1a71860733.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 2150
x-amzn-requestid: 59ef9edf-d9c1-45d0-b084-adf8e2f0738d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cXQcKGPXoAMFbWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6385fab4-693e8d7d5632d48722e31757;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 12:27:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: iO-jUNMNzAM6zHh1oEftgZcW18vxdgaFGpNe4a1WHU97pRMMuHIKaQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 17:51:49 GMT
age: 20625
etag: "9bc2e9039e9340b83ffcfb90e4e2c631a8723e60"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   2150
Md5:    995eb3df7ec5507e3392fdb1ca6395b4
Sha1:   9bc2e9039e9340b83ffcfb90e4e2c631a8723e60
Sha256: 4c86fdcd3b338040ea8130ee6a1ed5c3bd66c4dd59fe461f81e5df88a379ebb3
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 16038
x-amzn-requestid: 9d34c42b-ba0c-498f-8f99-d4ab527ffa89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbzMdHXNIAMFgaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cbe9-376846f31dc9b995797cbd18;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:32:25 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DngCuOTO9fQAwWe_ip6EtBcgruigZN6Bl1_v5BHM2dsWlhqCXCL3gg==
via: 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:45:33 GMT
age: 6601
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   16038
Md5:    ffd12f9c423ffc627d9e3b3145944fe4
Sha1:   5cf9a7a784952e1bb0cbe499104f1774b1269d08
Sha256: a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bbca075-74f3-4647-8b00-66430fff5397.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9993
x-amzn-requestid: 7d7febbc-2bdf-44e9-9727-9c56b5bcb138
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1VNFZiIAMFV-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cf54-1f89231026a9b5c467324134;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:47:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qK6AAXX3bqNSjQerE2jNysmMWX6X5j4Mm-MRQfG06YU7YmklFfE3NQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:50:08 GMT
age: 6326
etag: "527cf32104041423176fadd3cfc2120fe63f6bfc"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9993
Md5:    70afa08b7d0b64772b90ae190689e6c1
Sha1:   527cf32104041423176fadd3cfc2120fe63f6bfc
Sha256: 31ebf9decb53b8180922c4b10d0427aba95a802246a5ced8ec368d814a33b843
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9459
x-amzn-requestid: c08f55b2-7ac6-4dec-b53c-fd3f4533f9c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpBiGoHIAMFR2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bba3-69c2c2d05e55fd745caf1dce;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:09:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w_Mb-0pBwp-pUyU2bdJ8MhrGHkk6VQgJmcGV9MfHwj_yGUMIYZkyrg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 10:53:00 GMT
age: 45754
etag: "2f9532d698b4c28df23e18bbb66399ec776d5b9f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9459
Md5:    e1e6b6ba4f82221b41c3d9129008c76d
Sha1:   2f9532d698b4c28df23e18bbb66399ec776d5b9f
Sha256: 218c6f41a16e6087c611d4db5784a7cc1d027084d0bf2bd6dc3843ee5dfd560f
                                        
                                            GET /sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e HTTP/1.1 
Host: parkingridiculous.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         192.243.61.227
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 23:35:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://woffxxx.com
Access-Control-Allow-Origin: https://woffxxx.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17334956; expires=Thu, 01 Dec 2022 23:35:34 GMT; secure; SameSite=None pdhtkv=true; expires=Thu, 01 Dec 2022 23:35:35 GMT; secure; SameSite=None uncs=1; expires=Thu, 01 Dec 2022 23:35:35 GMT; secure; SameSite=None pdhtkv29=true; expires=Thu, 01 Dec 2022 23:35:35 GMT; secure; SameSite=None uncs29=1; expires=Thu, 01 Dec 2022 23:35:35 GMT; secure; SameSite=None sleca6b0b8925d9b3a4154c035c24b4ed97e=[3825557]; expires=Wed, 30 Nov 2022 23:35:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f7d7e03e22fcf514fc7c1c8eea144c4e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , Unicode text, UTF-8 text, with very long lines (6174), with no line terminators
Size:   4297
Md5:    9dbecbfe0e40221d59bfe1ec6d1053a1
Sha1:   7ec420dae7f25cba2f6f37448b8de64cbbb15c93
Sha256: 69e4814e09a765a32b492fdee5923b8ed49732ccb1c36fc6213a92b20f0f389f

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "15920417D134EE8F348A15A9F2A344F84E9066C2040F903BCE053B6EA7B2BB45"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5159
Expires: Thu, 01 Dec 2022 01:01:34 GMT
Date: Wed, 30 Nov 2022 23:35:35 GMT
Connection: keep-alive

                                        
                                            GET /pixel/purst?dl=0&th=0&sc=0&rs=2261&rd=2261&fd=762&bv=22.10.v.10&tmpl=136 HTTP/1.1 
Host: tractorfoolproofstandard.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.59.20
HTTP/1.1 200 OK
                                        
Server: nginx/1.17.9
Date: Wed, 30 Nov 2022 23:35:35 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Cookie: uid_id2=aaffba01-f6ea-42c9-886c-9f92d1f9a13d:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         52.28.211.11
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: https://woffxxx.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    80f0c8c79a0045ca91c929fe6f293e99
Sha1:   dd7b35f484aa39faa2f81c4c8992beb302e00f6a
Sha256: 2ac2802fc7912ca253525841027ef9387614482f5f5d98a0296e753ba0837b84
                                        
                                            GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1PSU4DMRD8Ch+I1auXnOEKUlAe4Hg8Aoko0oBgDvV4PINI16V6rWohkQPzQemB81H9qILCoVAwCeyG55cTjLGu67z0Hn7qV3uDWTZniFiKGcWjjjWLSWOJcMpwGYwjkrOZKMEIChoQV7ONBSJGJDydTzi/Po5Ciepg8BglWploJJs8ZOwPTishak49NyvGIhySJ1UT4uzRRJIXkPap5ktKuXcjJ5m4JZmNqU3W+mU7hBqWXj8+l+/Qbtfd1+7IPY+2/BegbComOPA9MYwg7O33eanXDtzn/5B2ieHYbHsBvZQYJeap1anXkmpqNF/S5DVzm6v+Aku0Lc+EAQAA HTTP/1.1 
Host: syndication.realsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

search
                                         95.211.229.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 30 Nov 2022 23:35:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; expires=Fri, 29 Nov 2024 23:35:35 GMT; path=; domain=.realsrv.com; Secure; SameSite=none __upt=%7B%22v%22%3A1%2C%22id%22%3A%226387e8c4941221.757334201856422759%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Fri, 29 Nov 2024 23:35:35 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

                                        
                                            GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1QSU7EQAz8Ch+Yltde5gxXkAbNA5JOt0ACIQUEOdTj6QQx9qW8lMu2kMiJ+aR0x/msflZB4VAomAR2w+PTBcbYtq2vrYWf6au+wCybM0QsxYziUQfNYtJYIpwyXAbiiORsJkowgoKGi6vZjgIRIxIerhdcn+9HokR1MHi0Em1MNIJdHjL4A9NGiJpTy9WKsQiH5EnVhDh7NJHkBaRtmfKcUm7NyEkWrkm6MdXFapv3QZjC2qa3z/U71I/3Y69jI5ddR/4TUDYVE5z4FhiGEY7ya1+n9wbc+v88HRJjktl+Amqv4w+8RMo95uKlas8ztZ7qPDfnX0AkUDaEAQAA HTTP/1.1 
Host: syndication.realsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

search
                                         95.211.229.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 30 Nov 2022 23:35:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; expires=Fri, 29 Nov 2024 23:35:35 GMT; path=; domain=.realsrv.com; Secure; SameSite=none __upt=%7B%22v%22%3A1%2C%22id%22%3A%226387e8c4941221.757334201856422759%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Fri, 29 Nov 2024 23:35:35 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

                                        
                                            GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1Qy07EMAz8FX5gI7+T7BmuIC3aD2jSVCCxQioIevDH4xZpM4d47HHGDgHRCfHE8IDlzHpm8oqpQhJKqOLPLxcX9G3blnWM9Dt99zdnMyBzIslWvKpxtIllKgKuUJwzKhu6VQUELB55dgiQssgeJYCogz9dL359fYxENVZHx5ACbKQQZLd3ApeIYQM3LnmULlWQCFPWzCwUDmpClLU6zUQwmpXFciGeR+t95lKkq0x1HA/5lNYxfXytP6l/3oJL7OAFTPa5DDlEdIy7g1GYhPyEdyIeB/wovy/rdBvud/0/8mEU64jsl3dombi2pXKb64Rztl6axEfWhdqS/wBob0BYigEAAA== HTTP/1.1 
Host: syndication.realsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

search
                                         95.211.229.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Wed, 30 Nov 2022 23:35:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; expires=Fri, 29 Nov 2024 23:35:35 GMT; path=; domain=.realsrv.com; Secure; SameSite=none __upt=%7B%22v%22%3A1%2C%22id%22%3A%226387e8c4941221.757334201856422759%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Fri, 29 Nov 2024 23:35:35 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

                                        
                                            GET / HTTP/1.1 
Host: 4.adsco.re
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://c.adsco.re/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

search
                                         162.252.214.5
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 30 Nov 2022 23:35:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   62
Md5:    adde5febc7b5b6c2c759ec735cce83a0
Sha1:   77ec17be8a9970ff04663294d41c590d0d24fde4
Sha256: ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
                                        
                                            GET /library/448451/8ef3894784f1f3467b73910ccd33bb9099b5e2bc.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.76.9.21
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 2904
last-modified: Tue, 09 Aug 2022 11:14:50 GMT
etag: "62f241aa-b58"
expires: Wed, 09 Aug 2023 11:37:56 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1691581365
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRTQoRf/kqCVAA
x-77-nzt-ray: af585630e08feba8c7e88763a0aeed1e
x-cache: HIT
x-age: 9805970
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   2904
Md5:    ab8bbb20fd4ab8b9f2345bc1bbc0a9fe
Sha1:   8ef3894784f1f3467b73910ccd33bb9099b5e2bc
Sha256: 72999b890831e46253dd0b1b023c86bf0753e0b473a5c5bff14ab325e62686a4
                                        
                                            GET /library/140058/a66f2e087f17cd312b112ff9d085f1d86e124d8c.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         185.76.9.21
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 10548
last-modified: Wed, 03 Nov 2021 11:53:07 GMT
etag: "61827823-2934"
expires: Fri, 30 Jun 2023 11:10:32 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195350
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRS/5Vz/MUvJAA
x-77-nzt-ray: af585630e08feba8c7e887632badf71e
x-cache: HIT
x-age: 13191985
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   10548
Md5:    9bfaf7271358d3fee1fdab51af536513
Sha1:   a66f2e087f17cd312b112ff9d085f1d86e124d8c
Sha256: 8427b6bf77bd1e1854f29fcd44c318c2acf75013de0f46a40839f0168c97255d
                                        
                                            GET /library/366026/43c35669aea6adb2d7b41a79dbb407a74156e5f1.mp4 HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.realsrv.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         185.76.9.21
HTTP/2 206 Partial Content
content-type: video/mp4
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 10177
last-modified: Mon, 14 Sep 2020 14:01:58 GMT
etag: "5f5f77d6-27c1"
expires: Fri, 30 Jun 2023 12:55:30 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195340
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRQfZpj/O0vJAA
x-77-nzt-ray: af585630e08feba8c7e88763d45efc1e
x-cache: HIT
x-age: 13191995
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-10176/10177
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size:   10177
Md5:    7784b86108b5501c39660e5c19e3bf06
Sha1:   43c35669aea6adb2d7b41a79dbb407a74156e5f1
Sha256: 20cb3b5dc47db843f30bbe415f7f6423cda6e6a7abd839b93c89ad85260b3ecc
                                        
                                            GET /library/129744/bbadb2ca17066ff599c8791c49dd59df6daa355a.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         185.76.9.21
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 13990
last-modified: Tue, 04 Jan 2022 01:04:44 GMT
etag: "61d39d2c-36a6"
expires: Fri, 30 Jun 2023 13:51:26 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195296
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRTIllv/Z0vJAA
x-77-nzt-ray: af585630e08feba8c7e887633416001f
x-cache: HIT
x-age: 13192039
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   13990
Md5:    3300883deb6d97fd97879c375a5e6edc
Sha1:   bbadb2ca17066ff599c8791c49dd59df6daa355a
Sha256: 74131de51217ab3285637c4019c10046ce875475afa72e7ad5f339c32c19ef74
                                        
                                            GET /library/802444/d12ccb590ad00f4923f36212a376a907910dcbf6.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         185.76.9.21
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 9022
last-modified: Fri, 15 Jul 2022 11:08:07 GMT
etag: "62d14a97-233e"
expires: Sat, 15 Jul 2023 11:38:32 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1689476948
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRT1zTL/87y1AA
x-77-nzt-ray: af585630e08feba8c7e88763a4ae041f
x-cache: HIT
x-age: 11910387
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   9022
Md5:    03a466116a5e875e0bd4dfa768d88d94
Sha1:   d12ccb590ad00f4923f36212a376a907910dcbf6
Sha256: 1095a12ca3638c3d19f40704809776f1f6349a7b06e35cba865e2126ed6ba52c
                                        
                                            GET /netu.php HTTP/1.1 
Host: testingmetriksbre.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.26.1.119
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 30 Nov 2022 23:35:33 GMT
x-powered-by: PHP/7.1.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rlb41FC7wM9gJQykPgqpMV1Q2Lk%2FbRS4M8IDva65DkQdYaQtH7i1t1u%2BITpf%2FpBBFwHrjfeI6Hi0BTZOZkIREnFgnHtyIwBXnLVS6NjKjqgR3R%2FG7zJtGf3v1%2FI5bSL36GHOfuq1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7727666f3902b518-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (855), with CRLF line terminators
Size:   1035
Md5:    c9ea79d2166f2fceea4446612c8533f9
Sha1:   886d13048713269d06a1aba0d68d892d6569c7a3
Sha256: 0feda4cb0a69b8796e10405b6549d92b3d4180f4263ff451b1971debd1be023b
                                        
                                            GET /library/802444/8d556f01a0a027fd5743a851458a0c2fa83388ba.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         185.76.9.21
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 6324
last-modified: Fri, 15 Jul 2022 11:08:07 GMT
etag: "62d14a97-18b4"
expires: Sat, 15 Jul 2023 11:43:20 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1689568095
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRRQ/1f/6Fi0AA
x-77-nzt-ray: af585630e08feba8c7e887634973081f
x-cache: HIT
x-age: 11819240
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   6324
Md5:    08f0d637a8bece01677b78c56c3477b5
Sha1:   8d556f01a0a027fd5743a851458a0c2fa83388ba
Sha256: 07698e284ebdc9b08584215029b7bc35b2424b91f52e0a30c8e50bec44e59ad2
                                        
                                            GET /images/core/emoji/14.0.0/svg/1f445.svg HTTP/1.1 
Host: s.w.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         192.0.77.48
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 360
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (360), with no line terminators
Size:   360
Md5:    0d16121d9eae5745be9da0c730557d30
Sha1:   3e1f809012606a4df721569e690553ee85606dbb
Sha256: 7ba3e8cfbd718c54aeaf8b78b8487552f08f520d1d0653a18860f46d428074e9
                                        
                                            GET /images/core/emoji/14.0.0/svg/1f444.svg HTTP/1.1 
Host: s.w.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         192.0.77.48
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 618
last-modified: Tue, 12 Apr 2022 03:47:26 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (618), with no line terminators
Size:   618
Md5:    c1aac731a5d5bab09fc7d177fadc5eef
Sha1:   2920bdc5edb84369bbccd9d361c03792302908a4
Sha256: 033caa64a2f2dbe91f16210f2d9912949d30eb0cd097dc52cdf90d6ff63bdd8c
                                        
                                            GET /library/802444/26d2e9758abed93dcb4846fb53753ea7548231ec.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         185.76.9.21
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 6790
last-modified: Fri, 15 Jul 2022 11:08:07 GMT
etag: "62d14a97-1a86"
expires: Sat, 15 Jul 2023 11:43:05 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1689468529
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRRP9Fr/1t21AA
x-77-nzt-ray: af585630e08feba8c7e8876312540c1f
x-cache: HIT
x-age: 11918806
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   6790
Md5:    5d9325b7bae76ad2cfd7f5d8b6db322c
Sha1:   26d2e9758abed93dcb4846fb53753ea7548231ec
Sha256: d6054a66b68c81d911b44b00bdffb9ee91a97e769c2bb83b1cbe396301ac48c1
                                        
                                            GET /images/core/emoji/14.0.0/svg/1f346.svg HTTP/1.1 
Host: s.w.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         192.0.77.48
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 432
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (432), with no line terminators
Size:   432
Md5:    f92a9f8821057c551982b659b268ed8e
Sha1:   6238f3b621be938ec83d96306647991cf8cec28f
Sha256: 6a51feacbc0c6653c8adf378b5bf03b10a82f8ff387674f6434d3ee9019416af
                                        
                                            GET /library/623611/2278481571affd0d06433855ece073cb06237a2a.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         185.76.9.21
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 6076
last-modified: Wed, 03 Nov 2021 19:29:43 GMT
etag: "6182e327-17bc"
expires: Fri, 30 Jun 2023 12:09:04 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195222
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRSkh3P/sUvJAA
x-77-nzt-ray: af585630e08feba8c7e8876326680f1f
x-cache: HIT
x-age: 13192113
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   6076
Md5:    6fa982653e11bf92f711f516bff7cc24
Sha1:   2278481571affd0d06433855ece073cb06237a2a
Sha256: 4ec89f5331b8e33f6ba993e5e835df7b3a008ee32ab12dcca448781bca935a97
                                        
                                            GET /images/core/emoji/14.0.0/svg/1f618.svg HTTP/1.1 
Host: s.w.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.0.77.48
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 2224
last-modified: Tue, 12 Apr 2022 03:53:43 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2224), with no line terminators
Size:   2224
Md5:    81a553e7c02c5dd144e40888c4b2faad
Sha1:   babb293bf69fb9dc86fed937dd0bd5b14c879c81
Sha256: 52741c0837915c2af0469345fda5a6e62b31f56c22efda6005cbcd52deb24285
                                        
                                            GET /library/802444/829cd26ee8f73baca4dedfe762897593489bff22.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         185.76.9.21
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 6768
last-modified: Fri, 15 Jul 2022 11:08:07 GMT
etag: "62d14a97-1a70"
expires: Sat, 15 Jul 2023 11:44:54 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1689487730
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRS1rAf/1ZK1AA
x-77-nzt-ray: af585630e08feba8c7e887631238111f
x-cache: HIT
x-age: 11899605
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   6768
Md5:    f019913fa1bcdd5dfe98af59ac49bbb2
Sha1:   829cd26ee8f73baca4dedfe762897593489bff22
Sha256: 66d870e5558d185796bbfb5dd24d4a3ad46a4042933e49e98567659746c230cf
                                        
                                            GET /library/802424/ae0499419dc52682c5ce7488148a6f6c37db3a47.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         185.76.9.21
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 12534
last-modified: Fri, 30 Sep 2022 10:04:04 GMT
etag: "6336bf14-30f6"
expires: Sat, 30 Sep 2023 10:14:07 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1696071104
server: CDN77-Turbo
x-77-nzt: AblMCRR+AHj/hx5RAA
x-77-nzt-ray: af585630e08feba8c7e887632afc5a1f
x-cache: HIT
x-age: 5316231
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   12534
Md5:    0ab519ecbcec195a4eaaa02d15a78138
Sha1:   ae0499419dc52682c5ce7488148a6f6c37db3a47
Sha256: a3186bb75a18d0335801ca5745b09e4215c19e39bb14b4edd5a292a0dc74941e
                                        
                                            GET /library/802444/179ee3ab587e6094f27c3d5081fc701b07651398.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         185.76.9.21
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 4498
last-modified: Fri, 15 Jul 2022 11:08:07 GMT
etag: "62d14a97-1192"
expires: Sat, 15 Jul 2023 11:45:37 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1689468485
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRSSbXj/At61AA
x-77-nzt-ray: af585630e08feba8c7e887638ec15d1f
x-cache: HIT
x-age: 11918850
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   4498
Md5:    3a33d738939052a11a2ad76f9eade5d1
Sha1:   179ee3ab587e6094f27c3d5081fc701b07651398
Sha256: fb72cfbb711af96a1abc7daab64778f7e9a21c0c5da3d5c6b07211e5f0ffb067
                                        
                                            GET /library/761560/aff16dc44b7afe6bc9c40ebc15af039a96c09055.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         185.76.9.21
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 10414
last-modified: Thu, 03 Mar 2022 12:22:53 GMT
etag: "6220b31d-28ae"
expires: Sat, 09 Sep 2023 00:34:17 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1694770541
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRRjEkn/2vZkAA
x-77-nzt-ray: af585630e08feba8c7e8876320275f1f
x-cache: HIT
x-age: 6616794
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   10414
Md5:    0e4867359692ea09486c09307f5db054
Sha1:   aff16dc44b7afe6bc9c40ebc15af039a96c09055
Sha256: c860932ff98f21366a4861ea670b31fd0a8383327cbfc09040647cefd7889970
                                        
                                            GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXndZ0csqXgTFOYmCTrrnxyaTPUTjGgnml7sr8SJav3pSprqrt6p7epJT2AXd43hYEE%2Bdb5KNWYO4f8CCTASRgGB7kIDmrEcV9qQgMxkMPqh679X3Dt%2F3vfp4OzshPjJ6vLJoNpXWdKJZ9SsvrapYmNxVlm5UAr%2FqX6msqvhy40qlO7xsZzrwm1X%2F5cpbkq%2BbiZof%2BH7gB5U5ZWVouhMjFCo5aAXVll9t1KpBs4Gu%2FX%2FvMg%2BOehCdE%2FI0lCgvrH3%2FAIoPEEdfX5VuPTXJK29GmaapseiIvXfj9djkMaKzMrQewnhvPA3jSkI%2BOwcT740VwHR2hgrAVEm8nwOweG9ME6yze8qUacgYTDyJvDOA1AMoOgA3t6HEjwTgAkvLiKN7S8bmdOMUpUO0JOcf%2FQWVl%2BT8r88gjr6a1apbuW50lioTO3TDAqo7gGoPkGSHSDc9qPwQPL0FJX4gE48WEEc7y04bKFGM1Cs1gAoH0LIH6jxkw6M8ZKGHLPEQieMKbbZC358MWVivTzU45%2FU6582py6Ip6o2p0EfGh%2FR6SJMeuO6B2y0kdgvrqgebfQO3VsAJDy4tiffOFjqiQC4JckeQU4JcEeQpQd4pdoV2NVfcE9plLBjn2jjXi75J29t016RtGZPt5IQ8NfTFe%2FzWAdblcYVeZj6batWaosXqtBE0G9yvN3mtwRpStCYlnCqg3LmR1E1VkuceVpGoklx8%2FxcweginD8HVJdDsedC8P1nzQdf6jSkfm%2FEBFZlOX127ebOaGghTIEnPI93wtvUJeXa0n%2BkP7kLyo9cu%2FlMv7%2FL74LZAYgt8pL4laOs7%2FWsmJzvXTO7Ig%2BUkVZHapMPdXU9pKi%2Fcf1tu5MaK%2Bauut%2F86HwLD8uCGdOkCjYWK2458OauEkHbOWC7Jw3m3KtlK5tZmMxtnycLKG3PzUWKlc8rEA1BVEvL5PrgqyRO9L0b%2F8oXpF6HsADYrEGVHZBxQ5hA82YJLjmY%2BZIvlH%2Ft%2FwxkCq89mWOIhz4q%2BrbGzR60ItDzrKSvg5NHM7%2B9dYovln2DyP0O23R20rQea3kYcFejYAh1dgOoeXPZYP03s0cxP9VGAaa%2FPtPV2mLb601NznTquyGboh9KvSRa2WDhJfdEKGy1GW4GcZE0aIHUl%2F%2BS37%2F4FAAD%2F%2FwEAAP%2F%2FTFhflG8EAAA%3D HTTP/1.1 
Host: parkingridiculous.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Cookie: u_pl=17334956; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca6b0b8925d9b3a4154c035c24b4ed97e=[3825557]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.61.227
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 23:35:35 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fccc01905efbf4dbfb82e5f871566f04
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /images/core/emoji/14.0.0/svg/1f48b.svg HTTP/1.1 
Host: s.w.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.0.77.48
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 701
last-modified: Tue, 12 Apr 2022 03:53:43 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (701), with no line terminators
Size:   701
Md5:    1f47248f358622a7398c81207142239b
Sha1:   c72dfb2f08498d876edce2602dbcdfe3d6933b4e
Sha256: a8b89a9cf527dda297f2f59c8bfbb5b9166f7c6a823ece83f1b60bb916f46572
                                        
                                            GET /library/623611/1d086ee530ffd2df0ad79a4430c5284ea0bf43a1.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         185.76.9.21
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 14308
last-modified: Wed, 03 Nov 2021 19:23:20 GMT
etag: "6182e1a8-37e4"
expires: Fri, 30 Jun 2023 14:25:37 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195218
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRS/LtX/tUvJAA
x-77-nzt-ray: af585630e08feba8c7e887630ffb9221
x-cache: HIT
x-age: 13192117
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   14308
Md5:    4c844d5a19386b984d862c88ff15dd0f
Sha1:   1d086ee530ffd2df0ad79a4430c5284ea0bf43a1
Sha256: 5be93e78e93fcb00f0445cd83b9d55ad0d54aacddbd782b46286574a5b68a535
                                        
                                            GET /images/core/emoji/14.0.0/svg/1f493.svg HTTP/1.1 
Host: s.w.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.0.77.48
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 1275
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1275), with no line terminators
Size:   1275
Md5:    058dee5288ffcb904a26594ea31fcfb3
Sha1:   95cf8061c16583bbee1334ba8332257645d155e0
Sha256: 7e61107adf2c38be158a785007c396dab9b2cf3661a2809f501f69fe37ad3ca9
                                        
                                            GET /library/140058/e57cf07a049e49b51c156d752ea761aa0dcd4bda.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         185.76.9.21
HTTP/2 200 OK
content-type: image/webp
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
content-length: 9202
last-modified: Wed, 03 Nov 2021 11:53:07 GMT
etag: "61827823-23f2"
expires: Fri, 30 Jun 2023 11:10:34 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195216
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRRYZ9r/t0vJAA
x-77-nzt-ray: af585630e08feba8c7e887631d979921
x-cache: HIT
x-age: 13192119
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   9202
Md5:    65c256aae6dc21765215f9a9b0792c23
Sha1:   e57cf07a049e49b51c156d752ea761aa0dcd4bda
Sha256: de75f84d56e9a91f819ea220a66a911a37ea5cfb226d9c8576265fdcb281a62b
                                        
                                            POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-62001516-1&cid=904593096.1669851332&jid=686694454&gjid=1117325172&_gid=575763750.1669851332&_u=YEBAAUAAAAAAACAAI~&z=78859063 HTTP/1.1 
Host: stats.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         74.125.131.154
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://xxxfree.watch
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 30 Nov 2022 23:35:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    c4ca4238a0b923820dcc509a6f75849b
Sha1:   356a192b7913b04c54574d18c28d46e6395428ab
Sha256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 23:35:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /flv/api/files/thumbs_new/2022/11/23/1669221429rswlc/1669221429rswlc-640x480-1.jpg HTTP/1.1 
Host: cdn-s13.cfeucdn.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         50.7.214.74
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Wed, 30 Nov 2022 23:39:52 GMT
content-length: 31698
last-modified: Wed, 23 Nov 2022 16:59:04 GMT
etag: "637e5158-7bd2"
server: cloudflare
expires: Thu, 06 Nov 2121 23:39:52 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x720, components 3\012- data
Size:   31698
Md5:    e740e463e3886698aa5832becf547a6e
Sha1:   8ca0825c4c4d0af303fd0cef54dc412eee5cd7d7
Sha256: fbfc467f6926159490c47e5148efb4184ca91e612d8b221f0db26e03d2f404bb
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F6F33EC68B533F749A2CEF620EDBA5FBA65B437D2DD9E7A8BD6D3E19D0581DB6"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10214
Expires: Thu, 01 Dec 2022 02:25:49 GMT
Date: Wed, 30 Nov 2022 23:35:35 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 23:35:35 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 18:57:13 GMT
Expires: Wed, 07 Dec 2022 18:57:12 GMT
Etag: "4d8dcdbf1dba4a72fb64482a39966368b5ea7d22"
Cache-Control: max-age=587496,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7727667fdaf8b512-OSL

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "A8E170FEC241AD3EC9ACC075FA8D7CE2184D129BF69F5ACE3E7229AA3BFD59C7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9499
Expires: Thu, 01 Dec 2022 02:13:55 GMT
Date: Wed, 30 Nov 2022 23:35:36 GMT
Connection: keep-alive

                                        
                                            GET /skL.php?_=BAYAY4foxQFjh-jFgAGBAsAAIIVbEIu_o0h7UAO0rqwKJw0uGg3xeH6EtgnqARicNXHxwQBIMEYCIQCqjTk4T8dosdSmde6kNGPK3JPQHLcVyGnW3laYLNrHPQIhAJ_u4omKspydY1bl8U2Y5FkbrvKteU-bQXcTadCCuVFf&v=4&xWyEZAgN=4129487&minBid=&JgofHrKy=0,0&RCWvoDIX=&XBObgQkV=&s=1280,1024,1,1280,1024,0 HTTP/1.1 
Host: cdn4ads.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         216.59.63.128
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
                                        
access-control-allow-origin: *
asf: 9
popads-ec: ASB
content-length: 44
date: Wed, 30 Nov 2022 23:35:35 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   44
Md5:    d5f0a25e4d3522d56d48ce7bc3e518fb
Sha1:   86794caff58f7fee6e684c2ba7195f970a8d6f4c
Sha256: 9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
                                        
                                            GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1 
Host: cdn.creative-bars1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.64.109.13
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 30 Nov 2022 23:35:36 GMT
content-length: 591
last-modified: Tue, 21 Sep 2021 12:03:43 GMT
etag: "6149ca1f-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1331062
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lg9S%2FVba80C1DxOvPNf2%2FlVmwXyA7saH7MtCLmILk%2FDV0kr8mwDzDPErNoCPX0H%2BemBzKc7c5b0d7SNqfUh0r4lCMCUWO9GDzL6hHLrZpDBsT8dPpW3Hb8wETyQtDwew6HRmw8SJ%2Foci"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772766824ca48861-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Size:   591
Md5:    9fd5bcb6103d86e317bd1eb019bcbe71
Sha1:   6b5a52ea669dcb74946f2bed4bdd7ec985026113
Sha256: 0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 23:35:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "A8E170FEC241AD3EC9ACC075FA8D7CE2184D129BF69F5ACE3E7229AA3BFD59C7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9499
Expires: Thu, 01 Dec 2022 02:13:55 GMT
Date: Wed, 30 Nov 2022 23:35:36 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "633A08F91314ECD2FD983DC5415400B0D768BEFB25F65FCD531DF4E95CDAAFCB"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2168
Expires: Thu, 01 Dec 2022 00:11:44 GMT
Date: Wed, 30 Nov 2022 23:35:36 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "54672C525E2462DDBB2E84B80945DAEDE2E13469B8817D636DC12D5BB0B3BC47"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20332
Expires: Thu, 01 Dec 2022 05:14:28 GMT
Date: Wed, 30 Nov 2022 23:35:36 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 23:35:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /si/47/4e/ca/474ecaa017bb82b0dab11e5d25e3caa6/1669746412.png HTTP/1.1 
Host: cdn.cloudimagesb.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         45.133.44.10
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 30 Nov 2022 23:35:36 GMT
content-length: 3187
server: nginx/1.17.6
last-modified: Tue, 29 Nov 2022 18:27:01 GMT
etag: "63864ef5-c73"
expires: Fri, 02 Dec 2022 23:35:36 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   3187
Md5:    fe5edba21d216d6be2024700e9278df9
Sha1:   7e3fc089caa05efea09ff21dbac8a346441aab94
Sha256: dda094bf95e20b750a993d529b5ea8c02bf082bdf75d54213a636d816f946aae
                                        
                                            GET /pxf.gif?uuid=aaffba01-f6ea-42c9-886c-9f92d1f9a13d&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.61.225
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 23:35:36 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ef57fafef5b4cc7e4b6be26c82b713f9
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pxf.gif?uuid=aaffba01-f6ea-42c9-886c-9f92d1f9a13d&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1 
Host: unseenreport.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.61.225
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 23:35:36 GMT
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2ea3f020f8d584e1063c611426a285a3
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  very short file (no magic)
Size:   1
Md5:    93b885adfe0da089cdf634904fd59f71
Sha1:   5ba93c9db0cff93f52b521d7420e43f6eda2784f
Sha256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1 
Host: cdn.creative-bars1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.64.109.13
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 30 Nov 2022 23:35:36 GMT
last-modified: Tue, 21 Sep 2021 12:03:44 GMT
etag: W/"6149ca20-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 222573
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kvomC1p0QwFtOzDi%2F2%2Bt%2FKYsEToQLtQ8outPw9QCpP4AYFH9df4VC%2Fo6yDd6qh43FRyfJP16DxAiN0TQ2%2FBogMxezgb1l0nmRMlNcwehpQaQ%2F4MX2Pg80vw2O5lr%2FLBccJMUU%2FX4Symx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77276682cd7b8861-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   813
Md5:    ef045e098bde5bfa706fd6f05b68ed08
Sha1:   2af1f25a077065cae4ddac5e31220b0d52a3266a
Sha256: fa5ddc4d9f38ce4c89a4daaef4c84e931efe4dcae3367f57e0247e8368f57014
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 14481
last-modified: Wed, 11 May 2022 19:24:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size:   15860
Md5:    e9f5aaf547f165386cd313b995dddd8e
Sha1:   acdef5603c2387b0e5bffd744b679a24a8bc1968
Sha256: f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 23:35:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.227
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 14502
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            GET /pixel/sbs?c=1 HTTP/1.1 
Host: parkingridiculous.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Cookie: u_pl=17334956; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca6b0b8925d9b3a4154c035c24b4ed97e=[3825557]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.61.227
HTTP/1.1 200 OK
                                        
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 23:35:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSujgkRvUTxIijOSRR0tnu6JzOTHKIxRhb3l0lkvYjWr5ktt6arU9U9PbunJQHNcTwExFPvN7tZNy5i%2FoCAzAoiC4LtQRZ0z3pUIScFmdnBxQdV77363uH7vlcfb2ZHxEdGD5fmzbrSms7Uq37lpWUVC5O7ysKNSuBX%2FYuVZRWfjy5W%2BuPL9i4Efr3qv1x5S%2FJVM1PzA98P%2FKByVVnZNv2ZCQqV7LWCasuvRrVqUI%2FQt%2F%2FvXebBUQ%2Bid0SehhLlmZXvH0DxEeLu11ekW01N8sqb3UzT1Fj0xM678Wps8hjdk7JtPbTjnek0jCsJ%2BewUTLwzVQDT2xorAFMl8X4OwOKdKU2w3vYxU6YhYzDxJPLeCFKPoOgI3NyGEj8SgAssLCLu3lswNqdrxygdoyU5%2FegvqLwkp399BnH3q8ta9SvXjc5SZWKHfruA6o%2BgOiMk2T7SdQ8q3wdPb0GJH8jMoznE3a1Fpw2UKCbqlRpBtUfQcgDqPGTjozxkbQ9Z4qErDiu03mr7fqPN2mHYjDjnYch5vXle1EUYNds%2BMj6mN0CaDMD1ANxuILEbWFUD2OwbuJUCTnhwaUm8dzbQEwVySZA7gpwS5IogTwnyXrEttKu54p7QLmPBNNemOSyGJu1s0m2TdmRMNpMj8tTYF%2B%2FxW3tYlYcVep75rNmq1UWLhTQK6hH3wzqvRSySotWQcKqAcqcmUtdVSZ57WEWiSnL2%2FV%2FA6D6c3gdX50Cz50HzYaPmg64Mo6aP9XiPikynr67cvFlNDYQpkKSnka55m%2FqIPDvZz4UP7kLyg9fO%2FhOWd%2Fl9cFsgsQU%2BUt8SdPSd4TWTk61rJnfkwWKSqq5ap%2BPdXU9pKs%2Fcf1uu5caK2StusPs6HwPjcu%2BGdOkcjYWKO458eVkJIe1VY7kkD2fdsmRLmVu5nNk4S%2BaW3rg6202sdE6ZeASqSkI%2B3wVXJXli8MXkX75w4UUoO4LNCnSzAzINKLMPnmzAJQeXPmTz5R%2B7f8MZAqtPZljiIc%2BKoa2xk0etCLQ86Skr4OTBpd%2FfO8fmyz%2FB5H%2BGbLo76FgPNL2NuFugZwv0dAGqB3DZY8M0sQeXfgonAaa9IdPW22La6k%2BPzXXqsFIPItlkzQYXgkkugkYtbIa%2BXxMiarRk0ELqSv7Jb9%2F9CwAA%2F%2F8BAAD%2F%2F1hQ0XJvBAAA HTTP/1.1 
Host: parkingridiculous.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Cookie: u_pl=17334956; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca6b0b8925d9b3a4154c035c24b4ed97e=[3825557]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.61.227
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 23:35:36 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e3d559410539c38a3d639be6ce66d8f6
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 30 Nov 2022 23:35:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gseccovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         151.101.66.133
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Connection: keep-alive
Content-Length: 937
Server: nginx
Expires: Sun, 04 Dec 2022 21:50:08 GMT
ETag: "be8bae7db5c17b291bab74b4a43db37acdd64654"
Last-Modified: Wed, 30 Nov 2022 21:50:09 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 30 Nov 2022 23:35:38 GMT
Age: 2727
X-Served-By: cache-qpg1244-QPG, cache-bma1667-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 19, 8
X-Timer: S1669851338.447641,VS0,VE0

                                        
                                            GET /images/core/emoji/14.0.0/svg/1f4a6.svg HTTP/1.1 
Host: s.w.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.0.77.48
HTTP/2 200 OK
content-type: image/svg+xml
                                        
server: nginx
date: Wed, 30 Nov 2022 23:35:35 GMT
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (517), with no line terminators
Size:   1735
Md5:    7f6fecda358ea300b44a182bf097369b
Sha1:   d945aaf652ab49fab4202b3efe38fdcdc7a2cfc9
Sha256: 6680ddfe65383200a5e3f41b3389c5c649bf198fff4f43f2cdd5226b75b484bf
                                        
                                            GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1 
Host: cdn.barscreative1.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         45.133.44.3
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Wed, 30 Nov 2022 23:35:35 GMT
server: nginx/1.17.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 01 Dec 2022 00:35:35 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   887
Md5:    b3606cef4adc8b62f26588a77842a3a7
Sha1:   dbe7c81a12cea665bdc4b3f7d50d88601e75cb20
Sha256: 068c362db8dcab04177add2de6bd51b6e3c9e7e02f9ec72f5ff6dbb0e514aaf0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /metrika/tag.js HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         87.250.250.119
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 73267
date: Wed, 30 Nov 2022 23:35:38 GMT
access-control-allow-origin: *
etag: "63875d46-11e33"
expires: Thu, 01 Dec 2022 00:35:38 GMT
last-modified: Wed, 30 Nov 2022 16:40:22 GMT
cache-control: max-age=3600
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (587)
Size:   73267
Md5:    1d79426653c3b55939eaec59a2ce8ef5
Sha1:   c6db0314df7a4e5c08047f6306e0b79a1ad3bab2