| xxxfree.watch/hegre-helga/ | 172.67.223.192 | 301 Moved Permanently | 0 B |
URL: HTTP/1.1 xxxfree.watch/hegre-helga/ IP: 172.67.223.192:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /hegre-helga/ HTTP/1.1
Host: xxxfree.watch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 30 Nov 2022 23:35:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 01 Dec 2022 00:35:31 GMT
Location: https://xxxfree.watch/hegre-helga/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cuZ1eiE4qSdeqYJbyLBiBcKadehl1%2FXSgn0Tv0EwfLqtPTRf2TkGXlUt3CDoLK5DJ5GdvLrRrpO94dFGJOmtSKPnsAy4NMR4B5VasUKLF8qSe1p4J8N00PFDP0NZpnWq"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77276665ed9cb500-OSL
alt-svc: h2=":443"; ma=60
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 ASN: #20940 Akamai International B.V.
Hash: a5daf4dc99951793ae2315d4795e8146 4427507ca4d3a5632cc8f598afbc85e2195d00bd 94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8233
Expires: Thu, 01 Dec 2022 01:52:44 GMT
Date: Wed, 30 Nov 2022 23:35:31 GMT
Connection: keep-alive
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP: 93.184.220.29:0
Hash: f3cf023c797da81728c0ac84c8759331 fa07c5e39e4b0741ea484101cccb2202acea9d9c 5206a0bac8bf78d6b84322519271a1ece2c1039a0090e583de6d6192d88873d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3209
Cache-Control: max-age=128957
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 23:35:31 GMT
Etag: "638730f7-1d7"
Expires: Fri, 02 Dec 2022 11:24:48 GMT
Last-Modified: Wed, 30 Nov 2022 10:31:19 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 ASN: #20940 Akamai International B.V.
Hash: 9fce5679881bf302a8978a0b462f01a9 b699fe030ea13ac73813e655c42ed9b531925e2b a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8860
Expires: Thu, 01 Dec 2022 02:03:11 GMT
Date: Wed, 30 Nov 2022 23:35:31 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 34.102.187.140 | 200 OK | 939 B |
URL: HTTP/2 firefox.settings.services.mozilla.com/v1/ IP: 34.102.187.140:0
File type: JSON data\012- , ASCII text, with very long lines (939), with no line terminators Hash: 14cd9a0afb6ba9a763651d5112760d1e 75d7b104ab9ab11fbb73c3f348b43b0119b5adfa 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 23:19:44 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 947
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL: HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain IP: 34.160.144.191:0
File type: PEM certificate\012- , ASCII text Hash: 9ebddc2b260d081ebbefee47c037cb28 492bad62a7ca6a74738921ef5ae6f0be5edebf39 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ylE2KAYF6kkDcFONSShPIMiGAlr+jli63I0fqj4pRJmCzJRWAnSDCcyzUEJa/HGR0jpCyVdVOZs=
x-amz-request-id: KHS0KYK41008RVSF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 22:45:24 GMT
age: 3007
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 277 B |
IP: 93.184.220.29:0
Hash: 7d5b6aa25b3874b8378f3a7674d547f3 cc125dc205ed5922a12c241add441eefb02c488e 8e6796166e920ecc1b41de8b09ec6692cf653395c189daa838943d82bee5fbbd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 23:35:31 GMT
Etag: "63879ea7-115"
Server: ECS (amb/6B7A)
Content-Length: 277
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL: HTTP/2 contile.services.mozilla.com/v1/tiles IP: 34.117.237.239:0
File type: JSON data\012- , ASCII text, with no line terminators Hash: 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 23:35:31 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 277 B |
IP: 93.184.220.29:0
Hash: 7d5b6aa25b3874b8378f3a7674d547f3 cc125dc205ed5922a12c241add441eefb02c488e 8e6796166e920ecc1b41de8b09ec6692cf653395c189daa838943d82bee5fbbd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 23:35:32 GMT
Etag: "63879ea7-115"
Last-Modified: Wed, 30 Nov 2022 23:35:31 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 277
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP: 93.184.220.29:0
Hash: a7768a8a4d5f2b246e1c7184e4526eef 424a0bbdad4a58e0eeced80d976613d4925a8f55 6233da50858bbd760a4da93d72eaf8b0a3379184601e8eb76db9a306af568c71
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3221
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 23:35:32 GMT
Last-Modified: Wed, 30 Nov 2022 22:41:51 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279
|
|
| vjs.zencdn.net/7.8.4/video.min.js?ver=7.8.4 | 151.101.194.217 | 200 OK | 139 kB |
URL: HTTP/2 vjs.zencdn.net/7.8.4/video.min.js?ver=7.8.4 IP: 151.101.194.217:0
File type: Unicode text, UTF-8 text, with very long lines (45362) Size: 139 kB (139307 bytes) Hash: 62c1afff76ac7a673f537be0120a7ebd 97ddf6a072f381f59e098a7f93c1c4855edd0ec8 7770c06faeee3a1ce7c479c09bc2a1760100b1483945e1c5c4d2f788231ff142
GET /7.8.4/video.min.js?ver=7.8.4 HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 08 Jul 2020 20:29:39 GMT
etag: "102cc1896541330762962b95fcb31f95"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Wed, 30 Nov 2022 23:35:32 GMT
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 5
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 139307
X-Firefox-Spdy: h2
|
|
| vjs.zencdn.net/7.8.4/video-js.css?ver=7.8.4 | 151.101.194.217 | 200 OK | 11 kB |
URL: HTTP/2 vjs.zencdn.net/7.8.4/video-js.css?ver=7.8.4 IP: 151.101.194.217:0
File type: Unicode text, UTF-8 text, with very long lines (5844) Hash: 9f703c1d1b064f5e72d8dba3484e868f 008cc8c438c57c51cc20bb4cb3e6452a287aaa8f a1a9f6ebf0e40976737eeb1b6c544d462e5e444fcc8f59ab044833e2737c05e0
GET /7.8.4/video-js.css?ver=7.8.4 HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 08 Jul 2020 20:29:36 GMT
etag: "397a94bb87dfd0a64ba4d3d502912e4a"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Wed, 30 Nov 2022 23:35:32 GMT
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 3799
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 10738
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 1.0 kB |
IP: 142.250.74.131:0
File type: gzip compressed data, from Unix\012- data Hash: 36eff96460e1e52491cb52f014b3a66d 2556bcee1f2a4d029aa8a2beed36d2e95211df64 572fbb4eec51b10db724c146e22a5265942a6c6757af9ac9808cc59f2da2df11
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 23:35:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.googletagmanager.com/gtag/js?id=UA-62001516-1 | 142.250.74.168 | 200 OK | 44 kB |
URL: HTTP/2 www.googletagmanager.com/gtag/js?id=UA-62001516-1 IP: 142.250.74.168:0
File type: ASCII text, with very long lines (1921) Hash: 9cb4e978b5fcb7436c8ff8f7e530f31f 6b93433f334cb3c1024994ecfce90f2823fe0329 f904ecbed7ae3b318edd0ee816517436b0705eac2e7acd124468756d77192b26
GET /gtag/js?id=UA-62001516-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 30 Nov 2022 23:35:32 GMT
expires: Wed, 30 Nov 2022 23:35:32 GMT
cache-control: private, max-age=900
last-modified: Wed, 30 Nov 2022 22:37:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43545
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP: 142.250.74.131:0
Hash: 188c50963e7939b1f26a31dbcb8c8200 859416e6148ea6618584e53604efcf072bb989cc 3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 23:35:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| syndication.realsrv.com/splash.php?native-settings=1&idzone=4713906&cookieconsent=true&&p=https%3A%2F%2Fxxxfree.watch%2Fhegre-helga%2F | 95.211.229.247 | 200 OK | 4.2 kB |
URL: HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4713906&cookieconsent=true&&p=https%3A%2F%2Fxxxfree.watch%2Fhegre-helga%2F IP: 95.211.229.247:0 ASN: #60781 LeaseWeb Netherlands B.V.
File type: JSON data\012- , ASCII text, with very long lines (7875), with no line terminators Hash: 0894f760619acd7037818af63e658891 bad7e084600085b2e4b74ff04ba991a489362267 b29626eec33ab57f813e08aa49e0616e5d226310658cd6eaa525362c2b38dc01
GET /splash.php?native-settings=1&idzone=4713906&cookieconsent=true&&p=https%3A%2F%2Fxxxfree.watch%2Fhegre-helga%2F HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 23:35:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://xxxfree.watch
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226387e8c4897b80.02298939400076985%22%3B%7D; expires=Fri, 29 Nov 2024 23:35:32 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=cmmsxrbonxgxaalsbbboageicmmsxaeenxgxaalsmleergeimacslbecnxgxaaabssxamgeislsaroornxgxaalrmxecrgeicxbmsbxcnxgxaalbcarllgeioslmrxlrnxgxaalmmeabageiccmmlmlcnxgxaalmaeerageialbsereanxgxaalrollmegeioslmrxbrnxgxaalbrxssogeicxbmsbcenxgxaalboamcogeioslmrxlsnxgxaalmbbxcbgeicxbmsbocnxgxaalbcxbsageicxbmsboenxgxaalbrxssogeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaablbccmbgeiccmmlleanxgxaalrollmegeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaalccxmexgeimacslbeenxgxaaboslelageioslmroemnxgxaalbcxbsageioslmrxbmnxgxaalbcarllgeicaxsscmbnxgxaalmlsmmcgeicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaalbrxssogeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaalrcerllgeimcclsoeonxgxaamxaacblgeimacslbeonxgxaaloesaslgeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaalmrsecmgeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaalbexcrageimcclsxlcnxgxaamrscxmxgeimaecseranxgxaabrlemaegeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaalbxrlcegeicaormbmbnxgxaalrexasogeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaalmaeerageimcclsxconxgxaalmlsmmcgeimcclsxmenxgxaalmbbxcbgeialbserxonxgxaalbcxbsageimccloscenxgxaalmlsmmcgeimcclsxxonxgxaalrcerllgeimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaaloarmmlgeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaalbxbllogeimacslbeanxgxaablxaelxgeialbserecnxgxaalssbrcxgeiccmmllecnxgxaalbcxbsageisaeeasslnxgxaabrbeccogeimcclossanxgxaabrlemaegeimcclsxronxgxaalraseexgeimaecseabnxgxaabrlemaegeimrblelrcnxgxaabrlemaegeimrblxemonxgxaabrlemaegeimcclsxcanxgxaalrlccrxgeimaecsxoonxgxaabmalbxxgeircsxcxscnxgxaabbxeomsgeicaormbbenxgxaalexxbcxgeiabeocmconxgxaablxrcmmgeimcclsxxcnxgxaalesmxrsgeimrblxeeanxgxaablsaloageimaecsemanxgxaalmmeabageimaecselonxgxaaloaroaageimcclsxacnxgxaalmeeamageimcclselenxgxaalmmeab
ageimaecsxronxgxaalxmmoorgeimaecsxsenxgxaalxmmoorgeimaecsercnxgxaalxmmoorgeimaecsembnxgxaalxmmoorgeimaecselenxgxaalxmmoorgeimaecobobnxgxaalsmleergeimaecomoanxgxaalsbbboageimrblxxoenxgxaalsbmacmgeimaecobsbnxgxaalsbbboageimrblxosonxgxaalsbbboageimcclsxmanxgxaalmeeamageimaecsxccnxgxaalmeeamageimrblxeecnxgxaalmeeamageimrblelronxgxaalmeeamageimrblelmonxgxaalmeeamageimxcbrxcenxgxaalmabebogxcceimxlbmoobnogxaalmabebogxcceicloaxxabnxgxaalmabaxagxcceicloaxxaanxgxaalmabaxagxcceimclsaoxbncgxaalmmeabagxcceimaecseacnxgxaalmmeabageimaecsxxcnxgxaalmmeabageimcssmlrcnsgxaalmmeabagxcceimraeelabnxgxaalmmeabagxcceimxlbalcenogxaalmmelobgxcceimmxsrbmensgxaalmmoborgxcceimmxsrbabnsgxaalmmoboagxcceimaxecobenogxaalmmccoxgxcceimxlbmxlcnogxaalmmrmlegxcceimxlbmxlenogxaalmmrmlxgxcceimmosssconsgxaalmmbxalgxcceimxxerrecnxgxaalmbxslogxcceimrxccosoncgxaalmbxslogxcceimxxrecsanxgxaalmbsmsbgxcceimxlbmosonogxaalmbcbelgxcceimcoaxmxcncgxaalmbcbxegxcceimasbmxconxgxaalmbacaogxcceimasbmxsbnxgxaalmbamamgxcceimxcbrxmbnsgxaalmbmorogxcceimcoaxmxoncgxaalmbbeblgxcceicloaxxmonxgxaalmbbeblgxcceicloaxxacnxgxaalmbbelagxcceimcssmlronsgxaalmbbxcbgxcceimrxccosancgxaalmbbxcbgxcceicloaecoanxgxaalmbbxbbgxcceicloaxxmenxgxaalmbbxbbgxcceialbbxexenxgxaalmbbxbbgxcceimxcbrxlonogxaalmlembogxcceimeembescnsgxaalmlsmmcgxcceimmoabamenagxaalmlsmmcgxcceialcaercenxgxaalmlcllagxcceialxosmbanxgxaalmlcllagxcceialbbebsbnxgxaalmlcllagxcceimraeelaanxgxaalmlcllagxcceimemlxmcbnxgxaalmlcllagxcceirrmlllronogxaalmlcllagxcceimasbmxsanxgxaalmlmbrlgxcceircmbbroanxgxaalbexcragxcceimxxerrxenxgxaalbexcragxcceimmoabamcnmgxaalbealcagxcceimrmoemsensgxaalbealcmgxcceialrexeoonogxaalbelxxxgxcceixaoossalnxgxaalbelxxxgxcceimeembecenxgxaalbelxxxgxcceimxlbmosensgxaalbxsbsegxcceimxlbmoscnrgxaalbxsbsegxcceimxlbmosansgxaalbxsbsegxcceimclxlloanxgxaalbxsbrlgxcceixaoosscrnrgxaalbxsbbcgxcceimmxsrbaonsgxaalbxsbbcgxcceicmarxbbonsgxaalbxsbbcgxcceimmxsrbaansgxaalbxsbbcgxcceimmxcxslenxgxaalbxslsxgxcceimaoobbebnxgxaalbxcsmmgxcceiallxlmxbnxgxaalbxrlcegxcceicaormbmanxgxaalbxrlceg
eimcrxeosbnxgxaalbxrlcxgxcceimcrxeoccnxgxaalbxrlcxgxcceimxlbalscnogxaalbxbllogxcceimaooloranxgxaalbxbllogxcceimexlaeoonxgxaalbxlblcgxcceialbbebsanogxaalboobaogxcceimxlbmoconogxaalboclmlgxcceimrxccoscncgxaalboarergxcceimxcbrxronxgxaalboaamrgxcceialbbebrenxgxaalboaamrgxcceialbmbrmcnxgxaalboaamrgxcceimxcbrxscnxgxaalboaamrgxcceirreacmsbnxgxaalboamcogxcceimxxerrebnxgxaalboamcogxcceiaaxcambbncgxaalboamcogxcceimaoobrbanagxaalbsbboagxcceimaoobrbcnmgxaalbsbboagxcceimmsxrlaanxgxaalbsbboagxcceimeembesonxgxaalbsbboagxcceimcssmlrensgxaalbsbboagxcceimxlbmxlonogxaalbsbboagxcceimsacexoonxgxaalbsbboagxcceimxlbmxbbnogxaalbsbboagxcceimxlbalsbnogxaalbsbboagxcceimmsxrlmonxgxaalbcelorgxcceimmsxrlabnxgxaalbcelorgxcceimxcbrxabnxgxaalbcxamrgxcceimxxerreanxgxaalbcxamrgxcceiceecmorsnxgxaalbcxammgxcceimrlsemaenxgxaalbcxammgxcceimxeoxsacncgxaalbcxbsagxcceimxcbrxlcnogxaalbccsoxgxcceimmsxrlmenxgxaalbcacbagxcceimemlxbocnxgxaalbcarllgxcceimxcbrxsenxgxaalbcarllgxcceimrmaobxanogxaalbcaaeegxcceimrxccosenxgxaalbcmascgxcceimmsxarcbnxgxaalbcmasrgxcceimxcbrxaonxgxaalbcmaregxcceimellbosonxgxaalbcmaregxcceimmossscenxgxaalbreabsgxcceimxeemblenxgxaalbreabsgxcceimmooobrcnxgxaalbremcogxcce; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C74492346%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C71021364%7C110382%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C41873820%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 280 B |
IP: 93.184.220.29:0
Hash: eafa7fb72351c7bd72fe121805fc2c87 709ce079d9cd88a83b5ef8d814113774b7173d88 d7e7e585174bb7a03465afdcbf5a06f608100eb364f612b2890a81fb560373b8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=110960
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 23:35:32 GMT
Etag: "6386f734-118"
Expires: Fri, 02 Dec 2022 06:24:52 GMT
Last-Modified: Wed, 30 Nov 2022 06:24:52 GMT
Server: nginx
Content-Length: 280
|
|
| syndication.realsrv.com/splash.php?native-settings=1&idzone=4673694&cookieconsent=true&&p=https%3A%2F%2Fxxxfree.watch%2Fhegre-helga%2F | 95.211.229.247 | 200 OK | 6.6 kB |
URL: HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4673694&cookieconsent=true&&p=https%3A%2F%2Fxxxfree.watch%2Fhegre-helga%2F IP: 95.211.229.247:0 ASN: #60781 LeaseWeb Netherlands B.V.
File type: JSON data\012- , ASCII text, with very long lines (13461), with no line terminators Hash: b559421edf261a5aab9b6fd77b426f4a 5b3b299eaf53cba3af5ec8b0b3409d366e349504 2bc477b8748ae1787b1f64d06687e28170ce5a6a14028fd9956361d910db8993
GET /splash.php?native-settings=1&idzone=4673694&cookieconsent=true&&p=https%3A%2F%2Fxxxfree.watch%2Fhegre-helga%2F HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 23:35:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://xxxfree.watch
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c48271b1.978197352578307392%22%3B%7D; expires=Fri, 29 Nov 2024 23:35:32 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=cmmsxrbonxgxaalsbbboageicmmsxaeenxgxaalsmleergeimacslbecnxgxaaabssxamgeislsaroornxgxaalrmxecrgeicxbmsbxcnxgxaalbcarllgeioslmrxlrnxgxaalbrxssogeiccmmlmlcnxgxaalmaeerageialbsereanxgxaalrollmegeioslmrxbrnxgxaalboaamrgeicxbmsbcenxgxaalbrxssogeioslmrxlsnxgxaalmbbxcbgeicxbmsbocnxgxaalbcxbsageicxbmsboenxgxaalalmsbrgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaablbccmbgeiccmmlleanxgxaalrollmegeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaalccxmexgeimacslbeenxgxaaboslelageioslmroemnxgxaalbcxbsageioslmrxbmnxgxaalbcarllgeicaxsscmbnxgxaalmlsmmcgeicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaalbrxssogeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaalrcerllgeimcclsoeonxgxaamxaacblgeimacslbeonxgxaaloesaslgeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaalmrsecmgeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaalbexcrageimcclsxlcnxgxaamrscxmxgeimaecseranxgxaabrlemaegeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaalbxrlcegeicaormbmbnxgxaalrexasogeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaalmaeerageimcclsxconxgxaalbrxssogeimcclsxmenxgxaalmbbxcbgeialbserxonxgxaalbcxbsageimccloscenxgxaalmlsmmcgeimcclsxxonxgxaalrcerllgeimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaalbrxssogeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaalbxbllogeimacslbeanxgxaablxaelxgeialbserecnxgxaalssbrcxgeiccmmllecnxgxaalbcxbsageisaeeasslnxgxaabrbeccogeimcclossanxgxaabrlemaegeimcclsxronxgxaalraseexgeimaecseabnxgxaabrlemaegeimrblelrcnxgxaabrlemaegeimrblxemonxgxaabrlemaegeimcclsxcanxgxaalrlccrxgeimaecsxoonxgxaabmalbxxgeircsxcxscnxgxaabbxeomsgeicaormbbenxgxaalexxbcxgeiabeocmconxgxaablxrcmmgeimcclsxxcnxgxaalesmxrsgeimrblxeeanxgxaablsaloageimaecsemanxgxaalmmeabageimaecselonxgxaaloaroaageimcclsxacnxgxaalmeeamageimcclselenxgxaalbrxss
ogeimaecsxronxgxaalxmmoorgeimaecsxsenxgxaalxmmoorgeimaecsercnxgxaalxmmoorgeimaecsembnxgxaalxmmoorgeimaecselenxgxaalxmmoorgeimaecobobnxgxaalsmleergeimaecomoanxgxaalsbbboageimrblxxoenxgxaalsbmacmgeimaecobsbnxgxaalsbbboageimrblxosonxgxaalsbbboageimcclsxmanxgxaalmeeamageimaecsxccnxgxaalmeeamageimrblxeecnxgxaalmeeamageimrblelronxgxaalmeeamageimrblelmonxgxaalmeeamageimxcbrxcenxgxaalmabebogxcceimxlbmoobnogxaalmabebogxcceicloaxxabnxgxaalmabaxagxcceicloaxxaanxgxaalmabaxagxcceimclsaoxbncgxaalmmeabagxcceimaecseacnxgxaalmmeabageimaecsxxcnxgxaalmmeabageimcssmlrcnsgxaalmmeabagxcceimraeelabnxgxaalmmeabagxcceimxlbalcenogxaalmmelobgxcceimmxsrbmensgxaalmmoborgxcceimmxsrbabnsgxaalmmoboagxcceimaxecobenogxaalmmccoxgxcceimxlbmxlcnogxaalmmrmlegxcceimxlbmxlenogxaalmmrmlxgxcceimmosssconsgxaalmmbxalgxcceimxxerrecnxgxaalmbxslogxcceimrxccosoncgxaalmbxslogxcceimxxrecsanxgxaalmbsmsbgxcceimxlbmosonogxaalmbcbelgxcceimcoaxmxcncgxaalmbcbxegxcceimasbmxconxgxaalmbacaogxcceimasbmxsbnxgxaalmbamamgxcceimxcbrxmbnsgxaalmbmorogxcceimcoaxmxoncgxaalmbbeblgxcceicloaxxmonxgxaalmbbeblgxcceicloaxxacnxgxaalmbbelagxcceimcssmlronsgxaalmbbxcbgxcceimrxccosancgxaalmbbxcbgxcceicloaecoanxgxaalmbbxbbgxcceicloaxxmenxgxaalmbbxbbgxcceialbbxexenxgxaalmbbxbbgxcceimxcbrxlonogxaalmlembogxcceimeembescnsgxaalmlsmmcgxcceimmoabamenagxaalmlsmmcgxcceialcaercenxgxaalmlcllagxcceialxosmbanxgxaalmlcllagxcceialbbebsbnxgxaalmlcllagxcceimraeelaanxgxaalmlcllagxcceimemlxmcbnxgxaalmlcllagxcceirrmlllronogxaalmlcllagxcceimasbmxsanxgxaalmlmbrlgxcceircmbbroanxgxaalbexcragxcceimxxerrxenxgxaalbexcragxcceimmoabamcnmgxaalbealcagxcceimrmoemsensgxaalbealcmgxcceialrexeoonogxaalbelxxxgxcceixaoossalnxgxaalbelxxxgxcceimeembecenxgxaalbelxxxgxcceimxlbmosensgxaalbxsbsegxcceimxlbmoscnrgxaalbxsbsegxcceimxlbmosansgxaalbxsbsegxcceimclxlloanxgxaalbxsbrlgxcceixaoosscrnrgxaalbxsbbcgxcceimmxsrbaonsgxaalbxsbbcgxcceicmarxbbonsgxaalbxsbbcgxcceimmxsrbaansgxaalbxsbbcgxcceimmxcxslenxgxaalbxslsxgxcceimaoobbebnxgxaalbxcsmmgxcceiallxlmxbnxgxaalbxrlcegxcceicaormbmanxgxaalbxrlceg
eimcrxeosbnxgxaalbxrlcxgxcceimcrxeoccnxgxaalbxrlcxgxcceimxlbalscnogxaalbxbllogxcceimaooloranxgxaalbxbllogxcceimexlaeoonxgxaalbxlblcgxcceialbbebsanogxaalboobaogxcceimxlbmoconogxaalboclmlgxcceimrxccoscncgxaalboarergxcceimxcbrxronxgxaalboaamrgxcceialbbebrenxgxaalboaamrgxcceialbmbrmcnxgxaalboaamrgxcceimxcbrxscnxgxaalboaamrgxcceirreacmsbnxgxaalboamcogxcceimxxerrebnxgxaalboamcogxcceiaaxcambbncgxaalboamcogxcceimaoobrbanagxaalbsbboagxcceimaoobrbcnmgxaalbsbboagxcceimmsxrlaanxgxaalbsbboagxcceimeembesonxgxaalbsbboagxcceimcssmlrensgxaalbsbboagxcceimxlbmxlonogxaalbsbboagxcceimsacexoonxgxaalbsbboagxcceimxlbmxbbnogxaalbsbboagxcceimxlbalsbnogxaalbsbboagxcceimmsxrlmonxgxaalbcelorgxcceimmsxrlabnxgxaalbcelorgxcceimxcbrxabnxgxaalbcxamrgxcceimxxerreanxgxaalbcxamrgxcceiceecmorsnxgxaalbcxammgxcceimrlsemaenxgxaalbcxammgxcceimxeoxsacnsgxaalbcxbsagxcceimxcbrxlcnogxaalbccsoxgxcceimmsxrlmenxgxaalbcacbagxcceimemlxbocnxgxaalbcarllgxcceimxcbrxsenxgxaalbcarllgxcceimrmaobxanogxaalbcaaeegxcceimrxccosenxgxaalbcmascgxcceimmsxarcbnxgxaalbcmasrgxcceimxcbrxaonxgxaalbcmaregxcceimellbosonxgxaalbcmaregxcceimmossscenogxaalbreabsgxcceimxeemblenxgxaalbreabsgxcceimmooobrcnxgxaalbremcogxcceimaecsxocnxgxaalbrxssoge; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C23975195%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C77233340%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C74492346%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C74493162%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C74493090%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C41873840%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C74493142%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4673694%7C76043124%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 01 Dec 2022 23:35:32 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| www.cdn4ads.com/carto.min.js | 185.76.9.14 | 200 OK | 13 kB |
URL HTTP/2 www.cdn4ads.com/carto.min.js IP 185.76.9.14:0 ASN #60068 Datacamp Limited
File type: HTML document, ASCII text, with very long lines (1568), with CRLF line terminators
Hash (MD5, SHA-1, SHA-256): 5936b1b8d3ba0cd74eb3a429bbec9e50 03bef30cc2f0dd0534a7c0e17a8736132c729351 0391e3294c2a5715c6323e5b45a1290100b355cbcb8c2a4c9a5a01c8be0f0ae4
GET /carto.min.js HTTP/1.1
Host: www.cdn4ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: application/x-javascript
alt-svc: quic="185.76.9.13:443"; ma=2592000; v="44,43,39"
expires: Fri, 02 Dec 2022 21:02:35 GMT
access-control-allow-origin: *
link: <https://cdn4ads.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-accel-expires: @1670014955
server: CDN77-Turbo
x-77-nzt: AblMCQ1+jhH/WbsGAA
x-77-nzt-ray: c0a4cc2879e76919c4e8876359a6921d
x-cache: HIT
x-age: 441177
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 280 B |
IP93.184.220.29:0
Hasheafa7fb72351c7bd72fe121805fc2c87 709ce079d9cd88a83b5ef8d814113774b7173d88 d7e7e585174bb7a03465afdcbf5a06f608100eb364f612b2890a81fb560373b8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=110960
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 23:35:32 GMT
Etag: "6386f734-118"
Expires: Fri, 02 Dec 2022 06:24:52 GMT
Last-Modified: Wed, 30 Nov 2022 06:24:52 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 280
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 34.102.187.140 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP34.102.187.140:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 23:08:56 GMT
cache-control: public,max-age=3600
age: 1596
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 471 B |
IP93.184.220.29:0
Hashcfdd00e67ee6ca21712b867eb5288ab6 b61d5d6ec3b7ad71619e13e32c87f2d01871b88a f740cac6dfedc1bf0f82efb10dac4f6ffb22f9bb5d4a9b68a4cd971dd2f65793
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3210
Cache-Control: max-age=123889
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 23:35:32 GMT
Etag: "63871d2b-1d7"
Expires: Fri, 02 Dec 2022 10:00:21 GMT
Last-Modified: Wed, 30 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
|
|
| syndication.realsrv.com/v1/api.php | 95.211.229.247 | 200 OK | 1.1 kB |
URL HTTP/1.1syndication.realsrv.com/v1/api.php IP95.211.229.247:0 ASN#60781 LeaseWeb Netherlands B.V.
File typeJSON data\012- , ASCII text, with very long lines (1519), with no line terminators Hash894992fc594030eee0e1ff9e36c72188 7e039e17f92a51627d878ff3ba1c058724dbc1a4 b22b6a2f158e04559c5bd5a9cafb7ee1e8676823e3ea433e70707cf48b03aca5
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 312
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 23:35:32 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| syndication.realsrv.com/v1/api.php | 95.211.229.247 | 200 OK | 1.1 kB |
URL HTTP/1.1syndication.realsrv.com/v1/api.php IP95.211.229.247:0 ASN#60781 LeaseWeb Netherlands B.V.
File typeJSON data\012- , ASCII text, with very long lines (1518), with no line terminators Hashbc7db41f542127dad41160d1de2220db e7cb70de63b4b88616d823e8e25dd959a92cff8d 4563ea533cdbd7ce35d6f37ff6e32a47ba1f6a447c067ec33094311fc4fc7a5f
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 312
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 23:35:32 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js | 104.16.125.175 | 200 OK | 9.1 kB |
URL HTTP/2unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js IP104.16.125.175:0
File typeASCII text, with very long lines (29325) Hashb72f4130650701a4490355cbf62418c5 87812bd40646ce89f298a439e294a3fc5041ede1 60546e09b1ca3a9172cda0388836ca4106d7f63fe2a92776d36b60fdd1269f5c
GET /progressbar.js@1.1.0/dist/progressbar.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7315-VGu3QlAvqjb4wruVTC8CgYdmBAQ"
via: 1.1 fly.io
fly-request-id: 01F3YGTHVETVB9B7TG2TW5GR8F
cf-cache-status: HIT
age: 19162096
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7727666e4cd50b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 344 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash194200b49952222e8faddbba7bd295c9 a17d1ae80f47f468a21f19f2aedf288086c99b7b 358954cf4e2932bcf63503975356b3242711e4f8607751e36a8475d4e22fa7c3
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "358954CF4E2932BCF63503975356B3242711E4F8607751E36A8475D4E22FA7C3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3817
Expires: Thu, 01 Dec 2022 00:39:09 GMT
Date: Wed, 30 Nov 2022 23:35:32 GMT
Connection: keep-alive
|
|
| syndication.realsrv.com/v1/api.php | 95.211.229.247 | 200 OK | 1.1 kB |
URL HTTP/1.1syndication.realsrv.com/v1/api.php IP95.211.229.247:0 ASN#60781 LeaseWeb Netherlands B.V.
File typeJSON data\012- , ASCII text, with very long lines (1524), with no line terminators Hash8e2a940cda6897812f09bca3e432cc15 c9ae86c126a5ab842acf11c3d16bdfdf0f2c7b37 dce2740b579423e03bf5fb3f7d8412630a6611ca035c94ea864febdee86adbc9
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 312
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 23:35:32 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| commentsengine.com/js/js.load.1.js?2890546494633759 | 172.67.190.246 | 200 OK | 0 B |
URL HTTP/2commentsengine.com/js/js.load.1.js?2890546494633759 IP172.67.190.246:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/js.load.1.js?2890546494633759 HTTP/1.1
Host: commentsengine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: application/javascript; charset=UTF-8
content-length: 0
last-modified: Thu, 14 Apr 2022 12:20:52 GMT
etag: "625811a4-0"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 15300657
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eCwjSCIrDOme749D9qvZ1%2Fh9tlMtr%2B9DkES%2B%2BvtK6iaQIJ%2F6tR5kzlew0cYuqEEZGE7vvWn6vQDMtsZF3h6vRANU8Tg1Hts%2BJESW0uDqP8pBMlcOrOCAk3HvBc1PUMDQn0jlOnE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7727666f0cefb51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 280 B |
IP93.184.220.29:0
Hasha0658758c09af9fdb7cacef0b8229d43 053fe01d708967bba7942de69a969ecca2e3311f eccc9c32bc6ce5d750af9f8621e4178d39fd3c02215f52b96cfef9fc3df832a3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6016
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 23:35:33 GMT
Last-Modified: Wed, 30 Nov 2022 21:55:17 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 280
|
|
| 6.adsco.re/ | 104.17.167.186 | 200 OK | 0 B |
IP104.17.167.186:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:33 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
access-control-allow-origin: https://xxxfree.watch
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7727666f890bb50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 4.adsco.re/ | 162.252.214.5 | 200 OK | 62 B |
IP162.252.214.5:0
File typeASCII text, with no line terminators Hashadde5febc7b5b6c2c759ec735cce83a0 77ec17be8a9970ff04663294d41c590d0d24fde4 ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 23:35:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://xxxfree.watch
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
|
|
| push.services.mozilla.com/ | 54.191.251.76 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP54.191.251.76:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NuhfSnt2dnr/AWg1EwqGqQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4E4oOrICS7kmym1HT52Oo4czkNA=
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashd02702fbf638d52897593c90ae3b0fce a9de1e8bd78b41f6002d6bb9e9a556477539ebf9 d4c72521fe1b119a37d1cebfee005ae39101a01ecbd10d14ad6383958dd3c1b8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D4C72521FE1B119A37D1CEBFEE005AE39101A01ECBD10D14AD6383958DD3C1B8"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2134
Expires: Thu, 01 Dec 2022 00:11:07 GMT
Date: Wed, 30 Nov 2022 23:35:33 GMT
Connection: keep-alive
|
|
| www.google-analytics.com/analytics.js | 142.250.74.110 | 200 OK | 20 kB |
URL HTTP/2www.google-analytics.com/analytics.js IP142.250.74.110:0
File typeASCII text, with very long lines (1325) Hash47e6f374ca946fddd5b59871b325736c baa9282efc8785e84d247c3bff518eaa45f101c4 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Wed, 30 Nov 2022 22:41:08 GMT
expires: Thu, 01 Dec 2022 00:41:08 GMT
cache-control: public, max-age=7200
age: 3265
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash5946293de07f462acaf7911368fa2fcb 7c48a92efee86c367eb3f6d6c21e0bde5a45ac9a 815b297511094288f745f230c7f3cb097f8f823c9cf67de63713aeceaf98d356
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "815B297511094288F745F230C7F3CB097F8F823C9CF67DE63713AECEAF98D356"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3495
Expires: Thu, 01 Dec 2022 00:33:48 GMT
Date: Wed, 30 Nov 2022 23:35:33 GMT
Connection: keep-alive
|
|
| s10.histats.com/js15_as.js | 46.105.201.240 | 200 OK | 4.4 kB |
URL HTTP/2 s10.histats.com/js15_as.js IP 46.105.201.240:0
File type: HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash (MD5, SHA-1, SHA-256): ed192092c129db6123a3397855f42619 067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e 998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:30:44 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 122193733
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
|
|
| zlxelxifssxm.n4.adsco.re/ | 38.132.109.186 | 200 OK | 0 B |
URL HTTP/1.1zlxelxifssxm.n4.adsco.re/ IP38.132.109.186:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: zlxelxifssxm.n4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 23:35:33 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
Connection: close
ETag: "5b5f2f9a-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash969a0e9a60c512b5d7469302e816817a f16ade6e6f4a9e67e29801dc141acaa9ef04df55 f9ced62d1556a244ddafde4bfc67ddf4e815bdf7096aa2470df48f11d5dc3ecf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F9CED62D1556A244DDAFDE4BFC67DDF4E815BDF7096AA2470DF48F11D5DC3ECF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12859
Expires: Thu, 01 Dec 2022 03:09:52 GMT
Date: Wed, 30 Nov 2022 23:35:33 GMT
Connection: keep-alive
|
|
| testingmetriksbre.ru/f.php?sid=212040 | 104.26.1.119 | 200 OK | 173 B |
URL HTTP/2 testingmetriksbre.ru/f.php?sid=212040 IP 104.26.1.119:0
Hash (MD5, SHA-1, SHA-256): 0c3894f05b6c6fccfcc8e7265f4d4323 00f962eeb33673fffffe8eaf79e0d14aad1adf3b f43669a417c0b8a6faa31a54e9a815f70b267d7a55e5edf5443bf803f80293cd
GET /f.php?sid=212040 HTTP/1.1
Host: testingmetriksbre.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:33 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
cache-control: no-store, no-cache, must-revalidate, max-age=0
x-robots-tag: noindex
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IAsO%2F3nAeHzigeVb%2F%2FspVScIEkP5UYFfSGI9CC0KCmfNwN2hnC2OZV%2FJwrjsbVMe7pN91sKjUxs7NiNzJPkLSKLGAWAAsngLiMU%2BDXXi0XKMHiRavYe%2BFNTwoVbHtyMJN6DPbD5z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772766713a30b518-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash834e4f5c8bf72b88408f61fc40f5edc7 ada1bc866cba0ab19d9650c9a846f50d8118cbba 9d7e02cd4efeabab4225d9a9f52dda11bbe5ad691dee225306d99fc1912c4aad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D7E02CD4EFEABAB4225D9A9F52DDA11BBE5AD691DEE225306D99FC1912C4AAD"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11554
Expires: Thu, 01 Dec 2022 02:48:07 GMT
Date: Wed, 30 Nov 2022 23:35:33 GMT
Connection: keep-alive
|
|
| alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js | 173.233.137.36 | 200 OK | 11 kB |
URL HTTP/1.1 alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js IP 173.233.137.36:0
File type: ASCII text, with very long lines (32142), with no line terminators
Hash (MD5, SHA-1, SHA-256): 95632ca968ab5922efd53e417d77799b 07bb082c849064cada1120205dbb45c9cb870913 f70df574952baba8f626726e78f9ef75fa7b0b9cf04eea9a27193a436faf17b1
Analyzer: quad9 | Verdict: Sinkholed | Alert: (none listed)
GET /a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js HTTP/1.1
Host: alleviatepracticableaddicted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 30 Nov 2022 23:35:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 49822dc7b9ec5a0dc2d490e18fc8b97d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| watchxxxfree.xyz/wp-content/uploads/2019/03/logo2015-1-1.png | 172.67.193.121 | 301 Moved Permanently | 49 B |
URL HTTP/2watchxxxfree.xyz/wp-content/uploads/2019/03/logo2015-1-1.png IP172.67.193.121:0
File typeASCII text, with no line terminators Hash61ac9c1734b5ac58643d2df0bef94012 61f06e81a3ac798f58ff3c3f72085ad8095a515d db2561afcd26524ef38179074fa31a09157f17ac7954ad692f703290a2113964
GET /wp-content/uploads/2019/03/logo2015-1-1.png HTTP/1.1
Host: watchxxxfree.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 30 Nov 2022 23:35:33 GMT
location: https://xxxfree.watch/wp-content/uploads/2019/03/logo2015-1-1.png
cache-control: max-age=3600
expires: Thu, 01 Dec 2022 00:35:33 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BPtvNB7GWkkTA6qSqtsRJ5%2BOYHpebDEN4DGrRfxQKtPOrbDqz1v8qTfPOfzB2Uw%2Bvdnaox6%2B3%2BNW%2BClWSx6uOkxqNJyI2EZ%2FL46TDSvZ%2BDWy9YuP%2FaEQz8MTdLEwCyvDnq1D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77276671cf81b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 346 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash635eba2ec841f80118a858a94bb84ff5 591895548f1f166a16c790740656cb194d0f7760 d2e62fd34b70872cb8f68cd1fdae7f1476019968f63accab24e4d822933c07ff
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19876
Expires: Thu, 01 Dec 2022 05:06:49 GMT
Date: Wed, 30 Nov 2022 23:35:33 GMT
Connection: keep-alive
|
|
| ocsp.sca1b.amazontrust.com/ | 143.204.42.156 | 200 OK | 471 B |
URL HTTP/1.1ocsp.sca1b.amazontrust.com/ IP143.204.42.156:0
Hash819f953b0edd066d30cf5847c5564d3c 12f3ea06c2a617db03caa556e37c1cb106d44f93 9794d926ccf993a8cd760c76077cf94f5b270633aff450e45934a5c8fd52d62d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=139677
Date: Wed, 30 Nov 2022 23:35:34 GMT
Etag: "63875b15-1d7"
Expires: Fri, 02 Dec 2022 14:23:31 GMT
Last-Modified: Wed, 30 Nov 2022 13:31:01 GMT
Server: ECS (nyb/1D32)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 9YAJsGs-YLJ-H6MhxN4Z_f8WXyP3-19fUVz9Wk-aUluexMU9Pu8D0g==
Age: 3150
|
|
| simplewebanalysis.com/stats | 52.28.211.11 | 200 OK | 40 B |
URL HTTP/2simplewebanalysis.com/stats IP52.28.211.11:0
File typeASCII text, with no line terminators Hash80f0c8c79a0045ca91c929fe6f293e99 dd7b35f484aa39faa2f81c4c8992beb302e00f6a 2ac2802fc7912ca253525841027ef9387614482f5f5d98a0296e753ba0837b84
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:34 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://woffxxx.com
access-control-allow-credentials: true
set-cookie: uid_id2=aaffba01-f6ea-42c9-886c-9f92d1f9a13d:3:1; expires=Sat, 27 Nov 2032 23:35:34 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
|
|
| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 346 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash635eba2ec841f80118a858a94bb84ff5 591895548f1f166a16c790740656cb194d0f7760 d2e62fd34b70872cb8f68cd1fdae7f1476019968f63accab24e4d822933c07ff
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "D2E62FD34B70872CB8F68CD1FDAE7F1476019968F63ACCAB24E4D822933C07FF"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19875
Expires: Thu, 01 Dec 2022 05:06:49 GMT
Date: Wed, 30 Nov 2022 23:35:34 GMT
Connection: keep-alive
|
|
| zlxelxifssxm.s4.adsco.re/ | 185.200.116.90 | 200 OK | 0 B |
URL HTTP/1.1zlxelxifssxm.s4.adsco.re/ IP185.200.116.90:0
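Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of a zero-length body, consistent with the 0 B response; they match every empty response and do not identify this host's content)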
POST / HTTP/1.1
Host: zlxelxifssxm.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 23:35:34 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash443a03f01a54135005d852424445bc97 f0789df9d231889773a09962e9d93f4153529ac8 07fc624d6ead4553d247852baf85d3d308386bbdd58948e3dcbcc5835a9274f7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "07FC624D6EAD4553D247852BAF85D3D308386BBDD58948E3DCBCC5835A9274F7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2932
Expires: Thu, 01 Dec 2022 00:24:26 GMT
Date: Wed, 30 Nov 2022 23:35:34 GMT
Connection: keep-alive
|
|
| parkingridiculous.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js | 192.243.61.227 | 200 OK | 29 kB |
URL HTTP/1.1parkingridiculous.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js IP192.243.61.227:0 ASN#39572 DataWeb Global Group B.V.
File type: HTML document text; HTML document text; HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 78ad79eeed3aa4a74fae1b622e6d510a, SHA-1 e2c9b8f52c5aa92fbb3a69bad43ac84bb5028404, SHA-256 b19cd1c430a15c42acb9c2bb777275ddd30d121286fd2006463818f1c3b348c8
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
| quad9 | Sinkholed | |
GET /0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 23:35:34 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e3789fefd65f74886045aa9868f249fe
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashac3edd07bb0a4ebdaae6ec26e91d2079 b6efe3811dfa37cdcde1e9d411c171732ac7e12a c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17820
Expires: Thu, 01 Dec 2022 04:32:34 GMT
Date: Wed, 30 Nov 2022 23:35:34 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashac3edd07bb0a4ebdaae6ec26e91d2079 b6efe3811dfa37cdcde1e9d411c171732ac7e12a c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17820
Expires: Thu, 01 Dec 2022 04:32:34 GMT
Date: Wed, 30 Nov 2022 23:35:34 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashac3edd07bb0a4ebdaae6ec26e91d2079 b6efe3811dfa37cdcde1e9d411c171732ac7e12a c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17820
Expires: Thu, 01 Dec 2022 04:32:34 GMT
Date: Wed, 30 Nov 2022 23:35:34 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hasha97c452e75cf1d4833e777d7ba7f2c47 58f15763fd33f742ce870f49f1c2dbed5b41205f 39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3768
Expires: Thu, 01 Dec 2022 00:38:22 GMT
Date: Wed, 30 Nov 2022 23:35:34 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashac3edd07bb0a4ebdaae6ec26e91d2079 b6efe3811dfa37cdcde1e9d411c171732ac7e12a c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17820
Expires: Thu, 01 Dec 2022 04:32:34 GMT
Date: Wed, 30 Nov 2022 23:35:34 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c95c82f-93f9-4783-a6c2-2c737a51d52c.jpeg | 34.120.237.76 | 200 OK | 13 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c95c82f-93f9-4783-a6c2-2c737a51d52c.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash1039182464db1365a476dd88029b97d8 06b395b4fbad5ad9c9fb6a4fb24c1eee607aa8ac 2e081da1464a18d755a841558f63303634a9e22df888c9c43246565abfc3d48d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c95c82f-93f9-4783-a6c2-2c737a51d52c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12655
x-amzn-requestid: beeeccd0-a494-4d0c-91e9-0d1e2ab37b6f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb0YoFmMIAMFT4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cdd0-60f5e2286cf3965a42ab31b9;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:40:32 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CiGOvF7Lmz8cICQcjUcE6QGokbAIAd3WClI4PK_aDSxo-yHVcPPA7w==
via: 1.1 49cdeca097624936e070b73619df7da8.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:45:29 GMT
age: 6605
etag: "06b395b4fbad5ad9c9fb6a4fb24c1eee607aa8ac"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| simplewebanalysis.com/stats | 52.28.211.11 | 200 OK | 40 B |
URL HTTP/2simplewebanalysis.com/stats IP52.28.211.11:0
File typeASCII text, with no line terminators Hash80f0c8c79a0045ca91c929fe6f293e99 dd7b35f484aa39faa2f81c4c8992beb302e00f6a 2ac2802fc7912ca253525841027ef9387614482f5f5d98a0296e753ba0837b84
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Cookie: uid_id2=aaffba01-f6ea-42c9-886c-9f92d1f9a13d:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:34 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://woffxxx.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg | 34.120.237.76 | 200 OK | 12 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashacffcb88ce68b2d70c9c046a7b5a4aa8 cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1 692d782ac1d812de6dadbcfe46034b6b5d8bbd586e56beedd96dc4d65445dd4c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12035
x-amzn-requestid: eef7d417-c6ca-4e3f-ac00-1425f3d5c4a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb0TSGHDIAMF_jA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cdae-467c79a805dfb5622687f628;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:39:58 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: haFJ2LZecbT4HRbkvcaZxR4SAIx5cGxNyghKiDOJVX6xDkPwzc2wNQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:45:34 GMT
age: 6600
etag: "cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9768b9bd-d7a9-4426-a5b2-ea1a71860733.jpeg | 34.120.237.76 | 200 OK | 2.2 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9768b9bd-d7a9-4426-a5b2-ea1a71860733.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash995eb3df7ec5507e3392fdb1ca6395b4 9bc2e9039e9340b83ffcfb90e4e2c631a8723e60 4c86fdcd3b338040ea8130ee6a1ed5c3bd66c4dd59fe461f81e5df88a379ebb3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9768b9bd-d7a9-4426-a5b2-ea1a71860733.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2150
x-amzn-requestid: 59ef9edf-d9c1-45d0-b084-adf8e2f0738d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cXQcKGPXoAMFbWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6385fab4-693e8d7d5632d48722e31757;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 12:27:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: iO-jUNMNzAM6zHh1oEftgZcW18vxdgaFGpNe4a1WHU97pRMMuHIKaQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 17:51:49 GMT
age: 20625
etag: "9bc2e9039e9340b83ffcfb90e4e2c631a8723e60"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg | 34.120.237.76 | 200 OK | 16 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashffd12f9c423ffc627d9e3b3145944fe4 5cf9a7a784952e1bb0cbe499104f1774b1269d08 a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 9d34c42b-ba0c-498f-8f99-d4ab527ffa89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbzMdHXNIAMFgaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cbe9-376846f31dc9b995797cbd18;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:32:25 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DngCuOTO9fQAwWe_ip6EtBcgruigZN6Bl1_v5BHM2dsWlhqCXCL3gg==
via: 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:45:33 GMT
age: 6601
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bbca075-74f3-4647-8b00-66430fff5397.jpeg | 34.120.237.76 | 200 OK | 10 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bbca075-74f3-4647-8b00-66430fff5397.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash70afa08b7d0b64772b90ae190689e6c1 527cf32104041423176fadd3cfc2120fe63f6bfc 31ebf9decb53b8180922c4b10d0427aba95a802246a5ced8ec368d814a33b843
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2bbca075-74f3-4647-8b00-66430fff5397.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9993
x-amzn-requestid: 7d7febbc-2bdf-44e9-9727-9c56b5bcb138
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1VNFZiIAMFV-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cf54-1f89231026a9b5c467324134;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:47:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qK6AAXX3bqNSjQerE2jNysmMWX6X5j4Mm-MRQfG06YU7YmklFfE3NQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:50:08 GMT
age: 6326
etag: "527cf32104041423176fadd3cfc2120fe63f6bfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg | 34.120.237.76 | 200 OK | 9.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashe1e6b6ba4f82221b41c3d9129008c76d 2f9532d698b4c28df23e18bbb66399ec776d5b9f 218c6f41a16e6087c611d4db5784a7cc1d027084d0bf2bd6dc3843ee5dfd560f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdc2b4ec6-0955-4089-983c-0abf7fd13bf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9459
x-amzn-requestid: c08f55b2-7ac6-4dec-b53c-fd3f4533f9c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cMpBiGoHIAMFR2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6381bba3-69c2c2d05e55fd745caf1dce;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 07:09:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w_Mb-0pBwp-pUyU2bdJ8MhrGHkk6VQgJmcGV9MfHwj_yGUMIYZkyrg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 10:53:00 GMT
age: 45754
etag: "2f9532d698b4c28df23e18bbb66399ec776d5b9f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| parkingridiculous.com/sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e | 192.243.61.227 | 200 OK | 4.3 kB |
URL HTTP/1.1parkingridiculous.com/sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e IP192.243.61.227:0 ASN#39572 DataWeb Global Group B.V.
File type: JSON data; Unicode text, UTF-8 text, with very long lines (6174), with no line terminators
Hash: MD5 9dbecbfe0e40221d59bfe1ec6d1053a1, SHA-1 7ec420dae7f25cba2f6f37448b8de64cbbb15c93, SHA-256 69e4814e09a765a32b492fdee5923b8ed49732ccb1c36fc6213a92b20f0f389f
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
| quad9 | Sinkholed | |
GET /sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 23:35:35 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://woffxxx.com
Access-Control-Allow-Origin: https://woffxxx.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17334956; expires=Thu, 01 Dec 2022 23:35:34 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Thu, 01 Dec 2022 23:35:35 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Thu, 01 Dec 2022 23:35:35 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Thu, 01 Dec 2022 23:35:35 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Thu, 01 Dec 2022 23:35:35 GMT; secure; SameSite=None
Set-Cookie: sleca6b0b8925d9b3a4154c035c24b4ed97e=[3825557]; expires=Wed, 30 Nov 2022 23:35:40 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f7d7e03e22fcf514fc7c1c8eea144c4e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hash9202729f02c6338d7a24388f8bd6e736 20900b5f2d70ceadf656a7a83048a52f84f3133e 15920417d134ee8f348a15a9f2a344f84e9066c2040f903bce053b6ea7b2bb45
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "15920417D134EE8F348A15A9F2A344F84E9066C2040F903BCE053B6EA7B2BB45"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5159
Expires: Thu, 01 Dec 2022 01:01:34 GMT
Date: Wed, 30 Nov 2022 23:35:35 GMT
Connection: keep-alive
|
|
| tractorfoolproofstandard.com/pixel/purst?dl=0&th=0&sc=0&rs=2261&rd=2261&fd=762&bv=22.10.v.10&tmpl=136 | 192.243.59.20 | 200 OK | 0 B |
URL HTTP/1.1tractorfoolproofstandard.com/pixel/purst?dl=0&th=0&sc=0&rs=2261&rd=2261&fd=762&bv=22.10.v.10&tmpl=136 IP192.243.59.20:0 ASN#39572 DataWeb Global Group B.V.
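Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of a zero-length body, consistent with the 0 B response; they match every empty response and are not usable as an indicator for this host)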
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /pixel/purst?dl=0&th=0&sc=0&rs=2261&rd=2261&fd=762&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: tractorfoolproofstandard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 30 Nov 2022 23:35:35 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| simplewebanalysis.com/stats | 52.28.211.11 | 200 OK | 40 B |
URL HTTP/2simplewebanalysis.com/stats IP52.28.211.11:0
File typeASCII text, with no line terminators Hash80f0c8c79a0045ca91c929fe6f293e99 dd7b35f484aa39faa2f81c4c8992beb302e00f6a 2ac2802fc7912ca253525841027ef9387614482f5f5d98a0296e753ba0837b84
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Cookie: uid_id2=aaffba01-f6ea-42c9-886c-9f92d1f9a13d:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://woffxxx.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
|
|
| syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PSU4DMRD8Ch+I1auXnOEKUlAe4Hg8Aoko0oBgDvV4PINI16V6rWohkQPzQemB81H9qILCoVAwCeyG55cTjLGu67z0Hn7qV3uDWTZniFiKGcWjjjWLSWOJcMpwGYwjkrOZKMEIChoQV7ONBSJGJDydTzi/Po5Ciepg8BglWploJJs8ZOwPTishak49NyvGIhySJ1UT4uzRRJIXkPap5ktKuXcjJ5m4JZmNqU3W+mU7hBqWXj8+l+/Qbtfd1+7IPY+2/BegbComOPA9MYwg7O33eanXDtzn/5B2ieHYbHsBvZQYJeap1anXkmpqNF/S5DVzm6v+Aku0Lc+EAQAA | 95.211.229.247 | 200 OK | 20 B |
URL HTTP/1.1syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1PSU4DMRD8Ch+I1auXnOEKUlAe4Hg8Aoko0oBgDvV4PINI16V6rWohkQPzQemB81H9qILCoVAwCeyG55cTjLGu67z0Hn7qV3uDWTZniFiKGcWjjjWLSWOJcMpwGYwjkrOZKMEIChoQV7ONBSJGJDydTzi/Po5Ciepg8BglWploJJs8ZOwPTishak49NyvGIhySJ1UT4uzRRJIXkPap5ktKuXcjJ5m4JZmNqU3W+mU7hBqWXj8+l+/Qbtfd1+7IPY+2/BegbComOPA9MYwg7O33eanXDtzn/5B2ieHYbHsBvZQYJeap1anXkmpqNF/S5DVzm6v+Aku0Lc+EAQAA IP95.211.229.247:0 ASN#60781 LeaseWeb Netherlands B.V.
Hasha4745abc5e7fdb89cc6df3069f3c6e69 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1PSU4DMRD8Ch+I1auXnOEKUlAe4Hg8Aoko0oBgDvV4PINI16V6rWohkQPzQemB81H9qILCoVAwCeyG55cTjLGu67z0Hn7qV3uDWTZniFiKGcWjjjWLSWOJcMpwGYwjkrOZKMEIChoQV7ONBSJGJDydTzi/Po5Ciepg8BglWploJJs8ZOwPTishak49NyvGIhySJ1UT4uzRRJIXkPap5ktKuXcjJ5m4JZmNqU3W+mU7hBqWXj8+l+/Qbtfd1+7IPY+2/BegbComOPA9MYwg7O33eanXDtzn/5B2ieHYbHsBvZQYJeap1anXkmpqNF/S5DVzm6v+Aku0Lc+EAQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 23:35:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; expires=Fri, 29 Nov 2024 23:35:35 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%226387e8c4941221.757334201856422759%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Fri, 29 Nov 2024 23:35:35 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1QSU7EQAz8Ch+Yltde5gxXkAbNA5JOt0ACIQUEOdTj6QQx9qW8lMu2kMiJ+aR0x/msflZB4VAomAR2w+PTBcbYtq2vrYWf6au+wCybM0QsxYziUQfNYtJYIpwyXAbiiORsJkowgoKGi6vZjgIRIxIerhdcn+9HokR1MHi0Em1MNIJdHjL4A9NGiJpTy9WKsQiH5EnVhDh7NJHkBaRtmfKcUm7NyEkWrkm6MdXFapv3QZjC2qa3z/U71I/3Y69jI5ddR/4TUDYVE5z4FhiGEY7ya1+n9wbc+v88HRJjktl+Amqv4w+8RMo95uKlas8ztZ7qPDfnX0AkUDaEAQAA | 95.211.229.247 | 200 OK | 20 B |
URL HTTP/1.1syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1QSU7EQAz8Ch+Yltde5gxXkAbNA5JOt0ACIQUEOdTj6QQx9qW8lMu2kMiJ+aR0x/msflZB4VAomAR2w+PTBcbYtq2vrYWf6au+wCybM0QsxYziUQfNYtJYIpwyXAbiiORsJkowgoKGi6vZjgIRIxIerhdcn+9HokR1MHi0Em1MNIJdHjL4A9NGiJpTy9WKsQiH5EnVhDh7NJHkBaRtmfKcUm7NyEkWrkm6MdXFapv3QZjC2qa3z/U71I/3Y69jI5ddR/4TUDYVE5z4FhiGEY7ya1+n9wbc+v88HRJjktl+Amqv4w+8RMo95uKlas8ztZ7qPDfnX0AkUDaEAQAA IP95.211.229.247:0 ASN#60781 LeaseWeb Netherlands B.V.
Hasha4745abc5e7fdb89cc6df3069f3c6e69 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1QSU7EQAz8Ch+Yltde5gxXkAbNA5JOt0ACIQUEOdTj6QQx9qW8lMu2kMiJ+aR0x/msflZB4VAomAR2w+PTBcbYtq2vrYWf6au+wCybM0QsxYziUQfNYtJYIpwyXAbiiORsJkowgoKGi6vZjgIRIxIerhdcn+9HokR1MHi0Em1MNIJdHjL4A9NGiJpTy9WKsQiH5EnVhDh7NJHkBaRtmfKcUm7NyEkWrkm6MdXFapv3QZjC2qa3z/U71I/3Y69jI5ddR/4TUDYVE5z4FhiGEY7ya1+n9wbc+v88HRJjktl+Amqv4w+8RMo95uKlas8ztZ7qPDfnX0AkUDaEAQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 23:35:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; expires=Fri, 29 Nov 2024 23:35:35 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%226387e8c4941221.757334201856422759%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Fri, 29 Nov 2024 23:35:35 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1Qy07EMAz8FX5gI7+T7BmuIC3aD2jSVCCxQioIevDH4xZpM4d47HHGDgHRCfHE8IDlzHpm8oqpQhJKqOLPLxcX9G3blnWM9Dt99zdnMyBzIslWvKpxtIllKgKuUJwzKhu6VQUELB55dgiQssgeJYCogz9dL359fYxENVZHx5ACbKQQZLd3ApeIYQM3LnmULlWQCFPWzCwUDmpClLU6zUQwmpXFciGeR+t95lKkq0x1HA/5lNYxfXytP6l/3oJL7OAFTPa5DDlEdIy7g1GYhPyEdyIeB/wovy/rdBvud/0/8mEU64jsl3dombi2pXKb64Rztl6axEfWhdqS/wBob0BYigEAAA== | 95.211.229.247 | 200 OK | 20 B |
URL HTTP/1.1syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAAz1Qy07EMAz8FX5gI7+T7BmuIC3aD2jSVCCxQioIevDH4xZpM4d47HHGDgHRCfHE8IDlzHpm8oqpQhJKqOLPLxcX9G3blnWM9Dt99zdnMyBzIslWvKpxtIllKgKuUJwzKhu6VQUELB55dgiQssgeJYCogz9dL359fYxENVZHx5ACbKQQZLd3ApeIYQM3LnmULlWQCFPWzCwUDmpClLU6zUQwmpXFciGeR+t95lKkq0x1HA/5lNYxfXytP6l/3oJL7OAFTPa5DDlEdIy7g1GYhPyEdyIeB/wovy/rdBvud/0/8mEU64jsl3dombi2pXKb64Rztl6axEfWhdqS/wBob0BYigEAAA== IP95.211.229.247:0 ASN#60781 LeaseWeb Netherlands B.V.
Hasha4745abc5e7fdb89cc6df3069f3c6e69 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAAz1Qy07EMAz8FX5gI7+T7BmuIC3aD2jSVCCxQioIevDH4xZpM4d47HHGDgHRCfHE8IDlzHpm8oqpQhJKqOLPLxcX9G3blnWM9Dt99zdnMyBzIslWvKpxtIllKgKuUJwzKhu6VQUELB55dgiQssgeJYCogz9dL359fYxENVZHx5ACbKQQZLd3ApeIYQM3LnmULlWQCFPWzCwUDmpClLU6zUQwmpXFciGeR+t95lKkq0x1HA/5lNYxfXytP6l/3oJL7OAFTPa5DDlEdIy7g1GYhPyEdyIeB/wovy/rdBvud/0/8mEU64jsl3dombi2pXKb64Rztl6axEfWhdqS/wBob0BYigEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://a.realsrv.com
Connection: keep-alive
Referer: https://a.realsrv.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Nov 2022 23:35:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://a.realsrv.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; expires=Fri, 29 Nov 2024 23:35:35 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%226387e8c4941221.757334201856422759%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22508.0199%22%7D; expires=Fri, 29 Nov 2024 23:35:35 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
|
|
| 4.adsco.re/ | 162.252.214.5 | 200 OK | 62 B |
IP162.252.214.5:0
File typeASCII text, with no line terminators Hashadde5febc7b5b6c2c759ec735cce83a0 77ec17be8a9970ff04663294d41c590d0d24fde4 ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://c.adsco.re/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 23:35:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
|
|
| s3t3d2y8.afcdn.net/library/448451/8ef3894784f1f3467b73910ccd33bb9099b5e2bc.webp | 185.76.9.21 | 200 OK | 2.9 kB |
URL HTTP/2s3t3d2y8.afcdn.net/library/448451/8ef3894784f1f3467b73910ccd33bb9099b5e2bc.webp IP185.76.9.21:0 ASN#60068 Datacamp Limited
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 300x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Hashab8bbb20fd4ab8b9f2345bc1bbc0a9fe 8ef3894784f1f3467b73910ccd33bb9099b5e2bc 72999b890831e46253dd0b1b023c86bf0753e0b473a5c5bff14ab325e62686a4
GET /library/448451/8ef3894784f1f3467b73910ccd33bb9099b5e2bc.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/webp
content-length: 2904
last-modified: Tue, 09 Aug 2022 11:14:50 GMT
etag: "62f241aa-b58"
expires: Wed, 09 Aug 2023 11:37:56 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1691581365
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRTQoRf/kqCVAA
x-77-nzt-ray: af585630e08feba8c7e88763a0aeed1e
x-cache: HIT
x-age: 9805970
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s3t3d2y8.afcdn.net/library/140058/a66f2e087f17cd312b112ff9d085f1d86e124d8c.webp | 185.76.9.21 | 200 OK | 10 kB |
URL HTTP/2s3t3d2y8.afcdn.net/library/140058/a66f2e087f17cd312b112ff9d085f1d86e124d8c.webp IP185.76.9.21:0 ASN#60068 Datacamp Limited
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Hash9bfaf7271358d3fee1fdab51af536513 a66f2e087f17cd312b112ff9d085f1d86e124d8c 8427b6bf77bd1e1854f29fcd44c318c2acf75013de0f46a40839f0168c97255d
GET /library/140058/a66f2e087f17cd312b112ff9d085f1d86e124d8c.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/webp
content-length: 10548
last-modified: Wed, 03 Nov 2021 11:53:07 GMT
etag: "61827823-2934"
expires: Fri, 30 Jun 2023 11:10:32 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195350
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRS/5Vz/MUvJAA
x-77-nzt-ray: af585630e08feba8c7e887632badf71e
x-cache: HIT
x-age: 13191985
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s3t3d2y8.afcdn.net/library/366026/43c35669aea6adb2d7b41a79dbb407a74156e5f1.mp4 | 185.76.9.21 | 206 Partial Content | 10 kB |
URL HTTP/2s3t3d2y8.afcdn.net/library/366026/43c35669aea6adb2d7b41a79dbb407a74156e5f1.mp4 IP185.76.9.21:0 ASN#60068 Datacamp Limited
File typeISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data Hash7784b86108b5501c39660e5c19e3bf06 43c35669aea6adb2d7b41a79dbb407a74156e5f1 20cb3b5dc47db843f30bbe415f7f6423cda6e6a7abd839b93c89ad85260b3ecc
GET /library/366026/43c35669aea6adb2d7b41a79dbb407a74156e5f1.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://a.realsrv.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: video/mp4
content-length: 10177
last-modified: Mon, 14 Sep 2020 14:01:58 GMT
etag: "5f5f77d6-27c1"
expires: Fri, 30 Jun 2023 12:55:30 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195340
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRQfZpj/O0vJAA
x-77-nzt-ray: af585630e08feba8c7e88763d45efc1e
x-cache: HIT
x-age: 13191995
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-10176/10177
X-Firefox-Spdy: h2
|
|
| s3t3d2y8.afcdn.net/library/129744/bbadb2ca17066ff599c8791c49dd59df6daa355a.webp | 185.76.9.21 | 200 OK | 14 kB |
URL HTTP/2s3t3d2y8.afcdn.net/library/129744/bbadb2ca17066ff599c8791c49dd59df6daa355a.webp IP185.76.9.21:0 ASN#60068 Datacamp Limited
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Hash3300883deb6d97fd97879c375a5e6edc bbadb2ca17066ff599c8791c49dd59df6daa355a 74131de51217ab3285637c4019c10046ce875475afa72e7ad5f339c32c19ef74
GET /library/129744/bbadb2ca17066ff599c8791c49dd59df6daa355a.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/webp
content-length: 13990
last-modified: Tue, 04 Jan 2022 01:04:44 GMT
etag: "61d39d2c-36a6"
expires: Fri, 30 Jun 2023 13:51:26 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195296
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRTIllv/Z0vJAA
x-77-nzt-ray: af585630e08feba8c7e887633416001f
x-cache: HIT
x-age: 13192039
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s3t3d2y8.afcdn.net/library/802444/d12ccb590ad00f4923f36212a376a907910dcbf6.webp | 185.76.9.21 | 200 OK | 9.0 kB |
URL HTTP/2s3t3d2y8.afcdn.net/library/802444/d12ccb590ad00f4923f36212a376a907910dcbf6.webp IP185.76.9.21:0 ASN#60068 Datacamp Limited
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Hash03a466116a5e875e0bd4dfa768d88d94 d12ccb590ad00f4923f36212a376a907910dcbf6 1095a12ca3638c3d19f40704809776f1f6349a7b06e35cba865e2126ed6ba52c
GET /library/802444/d12ccb590ad00f4923f36212a376a907910dcbf6.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/webp
content-length: 9022
last-modified: Fri, 15 Jul 2022 11:08:07 GMT
etag: "62d14a97-233e"
expires: Sat, 15 Jul 2023 11:38:32 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1689476948
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRT1zTL/87y1AA
x-77-nzt-ray: af585630e08feba8c7e88763a4ae041f
x-cache: HIT
x-age: 11910387
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| testingmetriksbre.ru/netu.php | 104.26.1.119 | 200 OK | 1.0 kB |
URL HTTP/2testingmetriksbre.ru/netu.php IP104.26.1.119:0
File typeASCII text, with very long lines (855), with CRLF line terminators Hashc9ea79d2166f2fceea4446612c8533f9 886d13048713269d06a1aba0d68d892d6569c7a3 0feda4cb0a69b8796e10405b6549d92b3d4180f4263ff451b1971debd1be023b
GET /netu.php HTTP/1.1
Host: testingmetriksbre.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:33 GMT
content-type: application/javascript
x-powered-by: PHP/7.1.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rlb41FC7wM9gJQykPgqpMV1Q2Lk%2FbRS4M8IDva65DkQdYaQtH7i1t1u%2BITpf%2FpBBFwHrjfeI6Hi0BTZOZkIREnFgnHtyIwBXnLVS6NjKjqgR3R%2FG7zJtGf3v1%2FI5bSL36GHOfuq1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7727666f3902b518-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| s3t3d2y8.afcdn.net/library/802444/8d556f01a0a027fd5743a851458a0c2fa83388ba.webp | 185.76.9.21 | 200 OK | 6.3 kB |
URL HTTP/2s3t3d2y8.afcdn.net/library/802444/8d556f01a0a027fd5743a851458a0c2fa83388ba.webp IP185.76.9.21:0 ASN#60068 Datacamp Limited
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Hash08f0d637a8bece01677b78c56c3477b5 8d556f01a0a027fd5743a851458a0c2fa83388ba 07698e284ebdc9b08584215029b7bc35b2424b91f52e0a30c8e50bec44e59ad2
GET /library/802444/8d556f01a0a027fd5743a851458a0c2fa83388ba.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/webp
content-length: 6324
last-modified: Fri, 15 Jul 2022 11:08:07 GMT
etag: "62d14a97-18b4"
expires: Sat, 15 Jul 2023 11:43:20 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1689568095
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRRQ/1f/6Fi0AA
x-77-nzt-ray: af585630e08feba8c7e887634973081f
x-cache: HIT
x-age: 11819240
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s.w.org/images/core/emoji/14.0.0/svg/1f445.svg | 192.0.77.48 | 200 OK | 360 B |
URL HTTP/2s.w.org/images/core/emoji/14.0.0/svg/1f445.svg IP192.0.77.48:0
File typeSVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (360), with no line terminators Hash0d16121d9eae5745be9da0c730557d30 3e1f809012606a4df721569e690553ee85606dbb 7ba3e8cfbd718c54aeaf8b78b8487552f08f520d1d0653a18860f46d428074e9
GET /images/core/emoji/14.0.0/svg/1f445.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/svg+xml
content-length: 360
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s.w.org/images/core/emoji/14.0.0/svg/1f444.svg | 192.0.77.48 | 200 OK | 618 B |
URL HTTP/2s.w.org/images/core/emoji/14.0.0/svg/1f444.svg IP192.0.77.48:0
File typeSVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (618), with no line terminators Hashc1aac731a5d5bab09fc7d177fadc5eef 2920bdc5edb84369bbccd9d361c03792302908a4 033caa64a2f2dbe91f16210f2d9912949d30eb0cd097dc52cdf90d6ff63bdd8c
GET /images/core/emoji/14.0.0/svg/1f444.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/svg+xml
content-length: 618
last-modified: Tue, 12 Apr 2022 03:47:26 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s3t3d2y8.afcdn.net/library/802444/26d2e9758abed93dcb4846fb53753ea7548231ec.webp | 185.76.9.21 | 200 OK | 6.8 kB |
URL HTTP/2s3t3d2y8.afcdn.net/library/802444/26d2e9758abed93dcb4846fb53753ea7548231ec.webp IP185.76.9.21:0 ASN#60068 Datacamp Limited
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Hash5d9325b7bae76ad2cfd7f5d8b6db322c 26d2e9758abed93dcb4846fb53753ea7548231ec d6054a66b68c81d911b44b00bdffb9ee91a97e769c2bb83b1cbe396301ac48c1
GET /library/802444/26d2e9758abed93dcb4846fb53753ea7548231ec.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/webp
content-length: 6790
last-modified: Fri, 15 Jul 2022 11:08:07 GMT
etag: "62d14a97-1a86"
expires: Sat, 15 Jul 2023 11:43:05 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1689468529
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRRP9Fr/1t21AA
x-77-nzt-ray: af585630e08feba8c7e8876312540c1f
x-cache: HIT
x-age: 11918806
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s.w.org/images/core/emoji/14.0.0/svg/1f346.svg | 192.0.77.48 | 200 OK | 432 B |
URL HTTP/2s.w.org/images/core/emoji/14.0.0/svg/1f346.svg IP192.0.77.48:0
File typeSVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (432), with no line terminators Hashf92a9f8821057c551982b659b268ed8e 6238f3b621be938ec83d96306647991cf8cec28f 6a51feacbc0c6653c8adf378b5bf03b10a82f8ff387674f6434d3ee9019416af
GET /images/core/emoji/14.0.0/svg/1f346.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/svg+xml
content-length: 432
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s3t3d2y8.afcdn.net/library/623611/2278481571affd0d06433855ece073cb06237a2a.webp | 185.76.9.21 | 200 OK | 6.1 kB |
URL HTTP/2s3t3d2y8.afcdn.net/library/623611/2278481571affd0d06433855ece073cb06237a2a.webp IP185.76.9.21:0 ASN#60068 Datacamp Limited
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Hash6fa982653e11bf92f711f516bff7cc24 2278481571affd0d06433855ece073cb06237a2a 4ec89f5331b8e33f6ba993e5e835df7b3a008ee32ab12dcca448781bca935a97
GET /library/623611/2278481571affd0d06433855ece073cb06237a2a.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/webp
content-length: 6076
last-modified: Wed, 03 Nov 2021 19:29:43 GMT
etag: "6182e327-17bc"
expires: Fri, 30 Jun 2023 12:09:04 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195222
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRSkh3P/sUvJAA
x-77-nzt-ray: af585630e08feba8c7e8876326680f1f
x-cache: HIT
x-age: 13192113
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s.w.org/images/core/emoji/14.0.0/svg/1f618.svg | 192.0.77.48 | 200 OK | 2.2 kB |
URL HTTP/2s.w.org/images/core/emoji/14.0.0/svg/1f618.svg IP192.0.77.48:0
File typeSVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2224), with no line terminators Hash81a553e7c02c5dd144e40888c4b2faad babb293bf69fb9dc86fed937dd0bd5b14c879c81 52741c0837915c2af0469345fda5a6e62b31f56c22efda6005cbcd52deb24285
GET /images/core/emoji/14.0.0/svg/1f618.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/svg+xml
content-length: 2224
last-modified: Tue, 12 Apr 2022 03:53:43 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s3t3d2y8.afcdn.net/library/802444/829cd26ee8f73baca4dedfe762897593489bff22.webp | 185.76.9.21 | 200 OK | 6.8 kB |
URL HTTP/2s3t3d2y8.afcdn.net/library/802444/829cd26ee8f73baca4dedfe762897593489bff22.webp IP185.76.9.21:0 ASN#60068 Datacamp Limited
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Hashf019913fa1bcdd5dfe98af59ac49bbb2 829cd26ee8f73baca4dedfe762897593489bff22 66d870e5558d185796bbfb5dd24d4a3ad46a4042933e49e98567659746c230cf
GET /library/802444/829cd26ee8f73baca4dedfe762897593489bff22.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/webp
content-length: 6768
last-modified: Fri, 15 Jul 2022 11:08:07 GMT
etag: "62d14a97-1a70"
expires: Sat, 15 Jul 2023 11:44:54 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1689487730
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRS1rAf/1ZK1AA
x-77-nzt-ray: af585630e08feba8c7e887631238111f
x-cache: HIT
x-age: 11899605
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s3t3d2y8.afcdn.net/library/802424/ae0499419dc52682c5ce7488148a6f6c37db3a47.webp | 185.76.9.21 | 200 OK | 12 kB |
URL HTTP/2s3t3d2y8.afcdn.net/library/802424/ae0499419dc52682c5ce7488148a6f6c37db3a47.webp IP185.76.9.21:0 ASN#60068 Datacamp Limited
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Hash0ab519ecbcec195a4eaaa02d15a78138 ae0499419dc52682c5ce7488148a6f6c37db3a47 a3186bb75a18d0335801ca5745b09e4215c19e39bb14b4edd5a292a0dc74941e
GET /library/802424/ae0499419dc52682c5ce7488148a6f6c37db3a47.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/webp
content-length: 12534
last-modified: Fri, 30 Sep 2022 10:04:04 GMT
etag: "6336bf14-30f6"
expires: Sat, 30 Sep 2023 10:14:07 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1696071104
server: CDN77-Turbo
x-77-nzt: AblMCRR+AHj/hx5RAA
x-77-nzt-ray: af585630e08feba8c7e887632afc5a1f
x-cache: HIT
x-age: 5316231
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s3t3d2y8.afcdn.net/library/802444/179ee3ab587e6094f27c3d5081fc701b07651398.webp | 185.76.9.21 | 200 OK | 4.5 kB |
URL HTTP/2s3t3d2y8.afcdn.net/library/802444/179ee3ab587e6094f27c3d5081fc701b07651398.webp IP185.76.9.21:0 ASN#60068 Datacamp Limited
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Hash3a33d738939052a11a2ad76f9eade5d1 179ee3ab587e6094f27c3d5081fc701b07651398 fb72cfbb711af96a1abc7daab64778f7e9a21c0c5da3d5c6b07211e5f0ffb067
GET /library/802444/179ee3ab587e6094f27c3d5081fc701b07651398.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/webp
content-length: 4498
last-modified: Fri, 15 Jul 2022 11:08:07 GMT
etag: "62d14a97-1192"
expires: Sat, 15 Jul 2023 11:45:37 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1689468485
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRSSbXj/At61AA
x-77-nzt-ray: af585630e08feba8c7e887638ec15d1f
x-cache: HIT
x-age: 11918850
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s3t3d2y8.afcdn.net/library/761560/aff16dc44b7afe6bc9c40ebc15af039a96c09055.webp | 185.76.9.21 | 200 OK | 10 kB |
URL HTTP/2s3t3d2y8.afcdn.net/library/761560/aff16dc44b7afe6bc9c40ebc15af039a96c09055.webp IP185.76.9.21:0 ASN#60068 Datacamp Limited
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp
- data
Hash (MD5 / SHA-1 / SHA-256): 0e4867359692ea09486c09307f5db054 aff16dc44b7afe6bc9c40ebc15af039a96c09055 c860932ff98f21366a4861ea670b31fd0a8383327cbfc09040647cefd7889970
GET /library/761560/aff16dc44b7afe6bc9c40ebc15af039a96c09055.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/webp
content-length: 10414
last-modified: Thu, 03 Mar 2022 12:22:53 GMT
etag: "6220b31d-28ae"
expires: Sat, 09 Sep 2023 00:34:17 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1694770541
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRRjEkn/2vZkAA
x-77-nzt-ray: af585630e08feba8c7e8876320275f1f
x-cache: HIT
x-age: 6616794
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| parkingridiculous.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXndZ0csqXgTFOYmCTrrnxyaTPUTjGgnml7sr8SJav3pSprqrt6p7epJT2AXd43hYEE%2Bdb5KNWYO4f8CCTASRgGB7kIDmrEcV9qQgMxkMPqh679X3Dt%2F3vfp4OzshPjJ6vLJoNpXWdKJZ9SsvrapYmNxVlm5UAr%2FqX6msqvhy40qlO7xsZzrwm1X%2F5cpbkq%2BbiZof%2BH7gB5U5ZWVouhMjFCo5aAXVll9t1KpBs4Gu%2FX%2FvMg%2BOehCdE%2FI0lCgvrH3%2FAIoPEEdfX5VuPTXJK29GmaapseiIvXfj9djkMaKzMrQewnhvPA3jSkI%2BOwcT740VwHR2hgrAVEm8nwOweG9ME6yze8qUacgYTDyJvDOA1AMoOgA3t6HEjwTgAkvLiKN7S8bmdOMUpUO0JOcf%2FQWVl%2BT8r88gjr6a1apbuW50lioTO3TDAqo7gGoPkGSHSDc9qPwQPL0FJX4gE48WEEc7y04bKFGM1Cs1gAoH0LIH6jxkw6M8ZKGHLPEQieMKbbZC358MWVivTzU45%2FU6582py6Ip6o2p0EfGh%2FR6SJMeuO6B2y0kdgvrqgebfQO3VsAJDy4tiffOFjqiQC4JckeQU4JcEeQpQd4pdoV2NVfcE9plLBjn2jjXi75J29t016RtGZPt5IQ8NfTFe%2FzWAdblcYVeZj6batWaosXqtBE0G9yvN3mtwRpStCYlnCqg3LmR1E1VkuceVpGoklx8%2FxcweginD8HVJdDsedC8P1nzQdf6jSkfm%2FEBFZlOX127ebOaGghTIEnPI93wtvUJeXa0n%2BkP7kLyo9cu%2FlMv7%2FL74LZAYgt8pL4laOs7%2FWsmJzvXTO7Ig%2BUkVZHapMPdXU9pKi%2Fcf1tu5MaK%2Bauut%2F86HwLD8uCGdOkCjYWK2458OauEkHbOWC7Jw3m3KtlK5tZmMxtnycLKG3PzUWKlc8rEA1BVEvL5PrgqyRO9L0b%2F8oXpF6HsADYrEGVHZBxQ5hA82YJLjmY%2BZIvlH%2Ft%2FwxkCq89mWOIhz4q%2BrbGzR60ItDzrKSvg5NHM7%2B9dYovln2DyP0O23R20rQea3kYcFejYAh1dgOoeXPZYP03s0cxP9VGAaa%2FPtPV2mLb601NznTquyGboh9KvSRa2WDhJfdEKGy1GW4GcZE0aIHUl%2F%2BS37%2F4FAAD%2F%2FwEAAP%2F%2FTFhflG8EAAA%3D | 192.243.61.227 | 200 OK | 7 B |
URL HTTP/1.1parkingridiculous.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXndZ0csqXgTFOYmCTrrnxyaTPUTjGgnml7sr8SJav3pSprqrt6p7epJT2AXd43hYEE%2Bdb5KNWYO4f8CCTASRgGB7kIDmrEcV9qQgMxkMPqh679X3Dt%2F3vfp4OzshPjJ6vLJoNpXWdKJZ9SsvrapYmNxVlm5UAr%2FqX6msqvhy40qlO7xsZzrwm1X%2F5cpbkq%2BbiZof%2BH7gB5U5ZWVouhMjFCo5aAXVll9t1KpBs4Gu%2FX%2FvMg%2BOehCdE%2FI0lCgvrH3%2FAIoPEEdfX5VuPTXJK29GmaapseiIvXfj9djkMaKzMrQewnhvPA3jSkI%2BOwcT740VwHR2hgrAVEm8nwOweG9ME6yze8qUacgYTDyJvDOA1AMoOgA3t6HEjwTgAkvLiKN7S8bmdOMUpUO0JOcf%2FQWVl%2BT8r88gjr6a1apbuW50lioTO3TDAqo7gGoPkGSHSDc9qPwQPL0FJX4gE48WEEc7y04bKFGM1Cs1gAoH0LIH6jxkw6M8ZKGHLPEQieMKbbZC358MWVivTzU45%2FU6582py6Ip6o2p0EfGh%2FR6SJMeuO6B2y0kdgvrqgebfQO3VsAJDy4tiffOFjqiQC4JckeQU4JcEeQpQd4pdoV2NVfcE9plLBjn2jjXi75J29t016RtGZPt5IQ8NfTFe%2FzWAdblcYVeZj6batWaosXqtBE0G9yvN3mtwRpStCYlnCqg3LmR1E1VkuceVpGoklx8%2FxcweginD8HVJdDsedC8P1nzQdf6jSkfm%2FEBFZlOX127ebOaGghTIEnPI93wtvUJeXa0n%2BkP7kLyo9cu%2FlMv7%2FL74LZAYgt8pL4laOs7%2FWsmJzvXTO7Ig%2BUkVZHapMPdXU9pKi%2Fcf1tu5MaK%2Bauut%2F86HwLD8uCGdOkCjYWK2458OauEkHbOWC7Jw3m3KtlK5tZmMxtnycLKG3PzUWKlc8rEA1BVEvL5PrgqyRO9L0b%2F8oXpF6HsADYrEGVHZBxQ5hA82YJLjmY%2BZIvlH%2Ft%2FwxkCq89mWOIhz4q%2BrbGzR60ItDzrKSvg5NHM7%2B9dYovln2DyP0O23R20rQea3kYcFejYAh1dgOoeXPZYP03s0cxP9VGAaa%2FPtPV2mLb601NznTquyGboh9KvSRa2WDhJfdEKGy1GW4GcZE0aIHUl%2F%2BS37%2F4FAAD%2F%2FwEAAP%2F%2FTFhflG8EAAA%3D IP192.243.61.227:0 ASN#39572 DataWeb Global Group B.V.
File type: ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: quad9 | Verdict: Sinkholed | Alert: (none listed)
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuXndZ0csqXgTFOYmCTrrnxyaTPUTjGgnml7sr8SJav3pSprqrt6p7epJT2AXd43hYEE%2Bdb5KNWYO4f8CCTASRgGB7kIDmrEcV9qQgMxkMPqh679X3Dt%2F3vfp4OzshPjJ6vLJoNpXWdKJZ9SsvrapYmNxVlm5UAr%2FqX6msqvhy40qlO7xsZzrwm1X%2F5cpbkq%2BbiZof%2BH7gB5U5ZWVouhMjFCo5aAXVll9t1KpBs4Gu%2FX%2FvMg%2BOehCdE%2FI0lCgvrH3%2FAIoPEEdfX5VuPTXJK29GmaapseiIvXfj9djkMaKzMrQewnhvPA3jSkI%2BOwcT740VwHR2hgrAVEm8nwOweG9ME6yze8qUacgYTDyJvDOA1AMoOgA3t6HEjwTgAkvLiKN7S8bmdOMUpUO0JOcf%2FQWVl%2BT8r88gjr6a1apbuW50lioTO3TDAqo7gGoPkGSHSDc9qPwQPL0FJX4gE48WEEc7y04bKFGM1Cs1gAoH0LIH6jxkw6M8ZKGHLPEQieMKbbZC358MWVivTzU45%2FU6582py6Ip6o2p0EfGh%2FR6SJMeuO6B2y0kdgvrqgebfQO3VsAJDy4tiffOFjqiQC4JckeQU4JcEeQpQd4pdoV2NVfcE9plLBjn2jjXi75J29t016RtGZPt5IQ8NfTFe%2FzWAdblcYVeZj6batWaosXqtBE0G9yvN3mtwRpStCYlnCqg3LmR1E1VkuceVpGoklx8%2FxcweginD8HVJdDsedC8P1nzQdf6jSkfm%2FEBFZlOX127ebOaGghTIEnPI93wtvUJeXa0n%2BkP7kLyo9cu%2FlMv7%2FL74LZAYgt8pL4laOs7%2FWsmJzvXTO7Ig%2BUkVZHapMPdXU9pKi%2Fcf1tu5MaK%2Bauut%2F86HwLD8uCGdOkCjYWK2458OauEkHbOWC7Jw3m3KtlK5tZmMxtnycLKG3PzUWKlc8rEA1BVEvL5PrgqyRO9L0b%2F8oXpF6HsADYrEGVHZBxQ5hA82YJLjmY%2BZIvlH%2Ft%2FwxkCq89mWOIhz4q%2BrbGzR60ItDzrKSvg5NHM7%2B9dYovln2DyP0O23R20rQea3kYcFejYAh1dgOoeXPZYP03s0cxP9VGAaa%2FPtPV2mLb601NznTquyGboh9KvSRa2WDhJfdEKGy1GW4GcZE0aIHUl%2F%2BS37%2F4FAAD%2F%2FwEAAP%2F%2FTFhflG8EAAA%3D HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Cookie: u_pl=17334956; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca6b0b8925d9b3a4154c035c24b4ed97e=[3825557]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 23:35:35 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fccc01905efbf4dbfb82e5f871566f04
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| s.w.org/images/core/emoji/14.0.0/svg/1f48b.svg | 192.0.77.48 | 200 OK | 701 B |
URL HTTP/2s.w.org/images/core/emoji/14.0.0/svg/1f48b.svg IP192.0.77.48:0
File type: SVG Scalable Vector Graphics image
- ASCII text, with very long lines (701), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 1f47248f358622a7398c81207142239b c72dfb2f08498d876edce2602dbcdfe3d6933b4e a8b89a9cf527dda297f2f59c8bfbb5b9166f7c6a823ece83f1b60bb916f46572
GET /images/core/emoji/14.0.0/svg/1f48b.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/svg+xml
content-length: 701
last-modified: Tue, 12 Apr 2022 03:53:43 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s3t3d2y8.afcdn.net/library/623611/1d086ee530ffd2df0ad79a4430c5284ea0bf43a1.webp | 185.76.9.21 | 200 OK | 14 kB |
URL HTTP/2s3t3d2y8.afcdn.net/library/623611/1d086ee530ffd2df0ad79a4430c5284ea0bf43a1.webp IP185.76.9.21:0 ASN#60068 Datacamp Limited
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp
- data
Hash (MD5 / SHA-1 / SHA-256): 4c844d5a19386b984d862c88ff15dd0f 1d086ee530ffd2df0ad79a4430c5284ea0bf43a1 5be93e78e93fcb00f0445cd83b9d55ad0d54aacddbd782b46286574a5b68a535
GET /library/623611/1d086ee530ffd2df0ad79a4430c5284ea0bf43a1.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/webp
content-length: 14308
last-modified: Wed, 03 Nov 2021 19:23:20 GMT
etag: "6182e1a8-37e4"
expires: Fri, 30 Jun 2023 14:25:37 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195218
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRS/LtX/tUvJAA
x-77-nzt-ray: af585630e08feba8c7e887630ffb9221
x-cache: HIT
x-age: 13192117
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s.w.org/images/core/emoji/14.0.0/svg/1f493.svg | 192.0.77.48 | 200 OK | 1.3 kB |
URL HTTP/2s.w.org/images/core/emoji/14.0.0/svg/1f493.svg IP192.0.77.48:0
File type: SVG Scalable Vector Graphics image
- ASCII text, with very long lines (1275), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 058dee5288ffcb904a26594ea31fcfb3 95cf8061c16583bbee1334ba8332257645d155e0 7e61107adf2c38be158a785007c396dab9b2cf3661a2809f501f69fe37ad3ca9
GET /images/core/emoji/14.0.0/svg/1f493.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/svg+xml
content-length: 1275
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| s3t3d2y8.afcdn.net/library/140058/e57cf07a049e49b51c156d752ea761aa0dcd4bda.webp | 185.76.9.21 | 200 OK | 9.2 kB |
URL HTTP/2s3t3d2y8.afcdn.net/library/140058/e57cf07a049e49b51c156d752ea761aa0dcd4bda.webp IP185.76.9.21:0 ASN#60068 Datacamp Limited
File type: RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp
- data
Hash (MD5 / SHA-1 / SHA-256): 65c256aae6dc21765215f9a9b0792c23 e57cf07a049e49b51c156d752ea761aa0dcd4bda de75f84d56e9a91f819ea220a66a911a37ea5cfb226d9c8576265fdcb281a62b
GET /library/140058/e57cf07a049e49b51c156d752ea761aa0dcd4bda.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/webp
content-length: 9202
last-modified: Wed, 03 Nov 2021 11:53:07 GMT
etag: "61827823-23f2"
expires: Fri, 30 Jun 2023 11:10:34 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195216
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCRRYZ9r/t0vJAA
x-77-nzt-ray: af585630e08feba8c7e887631d979921
x-cache: HIT
x-age: 13192119
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-62001516-1&cid=904593096.1669851332&jid=686694454&gjid=1117325172&_gid=575763750.1669851332&_u=YEBAAUAAAAAAACAAI~&z=78859063 | 74.125.131.154 | 200 OK | 1 B |
URL HTTP/2stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-62001516-1&cid=904593096.1669851332&jid=686694454&gjid=1117325172&_gid=575763750.1669851332&_u=YEBAAUAAAAAAACAAI~&z=78859063 IP74.125.131.154:0
File type: very short file (no magic)
Hash (MD5 / SHA-1 / SHA-256): c4ca4238a0b923820dcc509a6f75849b 356a192b7913b04c54574d18c28d46e6395428ab 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-62001516-1&cid=904593096.1669851332&jid=686694454&gjid=1117325172&_gid=575763750.1669851332&_u=YEBAAUAAAAAAACAAI~&z=78859063 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://xxxfree.watch
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 30 Nov 2022 23:35:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): 5d950b70d3b1532276ed817249b72618 dca7faf727b8afdd481c8f8bcc3e9129fdadadc3 afe3fbe5f269179e18a66ca806664b7f96b903150b364129e2f2b30087198e34
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 23:35:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/11/23/1669221429rswlc/1669221429rswlc-640x480-1.jpg | 50.7.214.74 | 200 OK | 32 kB |
URL HTTP/2cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/11/23/1669221429rswlc/1669221429rswlc-640x480-1.jpg IP50.7.214.74:0
File type: JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x720, components 3
- data
Hash (MD5 / SHA-1 / SHA-256): e740e463e3886698aa5832becf547a6e 8ca0825c4c4d0af303fd0cef54dc412eee5cd7d7 fbfc467f6926159490c47e5148efb4184ca91e612d8b221f0db26e03d2f404bb
GET /flv/api/files/thumbs_new/2022/11/23/1669221429rswlc/1669221429rswlc-640x480-1.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:39:52 GMT
content-type: image/jpeg
content-length: 31698
last-modified: Wed, 23 Nov 2022 16:59:04 GMT
etag: "637e5158-7bd2"
server: cloudflare
expires: Thu, 06 Nov 2121 23:39:52 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 | ASN: #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 666862f4814e01580d5eda6267101cf3 df635667f6dae8be205caf550fc95c16d17a01a5 f6f33ec68b533f749a2cef620edba5fba65b437d2dd9e7a8bd6d3e19d0581db6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F33EC68B533F749A2CEF620EDBA5FBA65B437D2DD9E7A8BD6D3E19D0581DB6"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10214
Expires: Thu, 01 Dec 2022 02:25:49 GMT
Date: Wed, 30 Nov 2022 23:35:35 GMT
Connection: keep-alive
|
|
| ocsp.sectigo.com/ | 172.64.155.188 | 200 OK | 472 B |
IP: 172.64.155.188:0
Hash (MD5 / SHA-1 / SHA-256): 53b9414cb6bc3eabdf19b5990c04b953 4d8dcdbf1dba4a72fb64482a39966368b5ea7d22 c830f82b7717d2e18ba97cddb1f94392d9c0a9a3e1723a00625b1dfe52c7484e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 23:35:35 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 18:57:13 GMT
Expires: Wed, 07 Dec 2022 18:57:12 GMT
Etag: "4d8dcdbf1dba4a72fb64482a39966368b5ea7d22"
Cache-Control: max-age=587496,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7727667fdaf8b512-OSL
|
|
| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 346 B |
IP: 23.36.77.32:0 | ASN: #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 3c22f6742a681063615a548ae5fbc532 631eaaad4049c5b6f54eb2b4e127b77240868636 a8e170fec241ad3ec9acc075fa8d7ce2184d129bf69f5ace3e7229aa3bfd59c7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A8E170FEC241AD3EC9ACC075FA8D7CE2184D129BF69F5ACE3E7229AA3BFD59C7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9499
Expires: Thu, 01 Dec 2022 02:13:55 GMT
Date: Wed, 30 Nov 2022 23:35:36 GMT
Connection: keep-alive
|
|
| cdn4ads.com/skL.php?_=BAYAY4foxQFjh-jFgAGBAsAAIIVbEIu_o0h7UAO0rqwKJw0uGg3xeH6EtgnqARicNXHxwQBIMEYCIQCqjTk4T8dosdSmde6kNGPK3JPQHLcVyGnW3laYLNrHPQIhAJ_u4omKspydY1bl8U2Y5FkbrvKteU-bQXcTadCCuVFf&v=4&xWyEZAgN=4129487&minBid=&JgofHrKy=0,0&RCWvoDIX=&XBObgQkV=&s=1280,1024,1,1280,1024,0 | 216.59.63.128 | 200 OK | 44 B |
URL HTTP/2cdn4ads.com/skL.php?_=BAYAY4foxQFjh-jFgAGBAsAAIIVbEIu_o0h7UAO0rqwKJw0uGg3xeH6EtgnqARicNXHxwQBIMEYCIQCqjTk4T8dosdSmde6kNGPK3JPQHLcVyGnW3laYLNrHPQIhAJ_u4omKspydY1bl8U2Y5FkbrvKteU-bQXcTadCCuVFf&v=4&xWyEZAgN=4129487&minBid=&JgofHrKy=0,0&RCWvoDIX=&XBObgQkV=&s=1280,1024,1,1280,1024,0 IP216.59.63.128:0
File type: ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): d5f0a25e4d3522d56d48ce7bc3e518fb 86794caff58f7fee6e684c2ba7195f970a8d6f4c 9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
GET /skL.php?_=BAYAY4foxQFjh-jFgAGBAsAAIIVbEIu_o0h7UAO0rqwKJw0uGg3xeH6EtgnqARicNXHxwQBIMEYCIQCqjTk4T8dosdSmde6kNGPK3JPQHLcVyGnW3laYLNrHPQIhAJ_u4omKspydY1bl8U2Y5FkbrvKteU-bQXcTadCCuVFf&v=4&xWyEZAgN=4129487&minBid=&JgofHrKy=0,0&RCWvoDIX=&XBObgQkV=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: cdn4ads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
asf: 9
popads-ec: ASB
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Wed, 30 Nov 2022 23:35:35 GMT
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png | 172.64.109.13 | 200 OK | 591 B |
URL HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png IP172.64.109.13:0
File type: PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
- data
Hash (MD5 / SHA-1 / SHA-256): 9fd5bcb6103d86e317bd1eb019bcbe71 6b5a52ea669dcb74946f2bed4bdd7ec985026113 0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:36 GMT
content-type: image/png
content-length: 591
last-modified: Tue, 21 Sep 2021 12:03:43 GMT
etag: "6149ca1f-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1331062
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lg9S%2FVba80C1DxOvPNf2%2FlVmwXyA7saH7MtCLmILk%2FDV0kr8mwDzDPErNoCPX0H%2BemBzKc7c5b0d7SNqfUh0r4lCMCUWO9GDzL6hHLrZpDBsT8dPpW3Hb8wETyQtDwew6HRmw8SJ%2Foci"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772766824ca48861-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): 146dac10a93604a686550631e14eefb9 b4af601ce6d515d9ec124938ce626060e0d43099 bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 23:35:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| e1.o.lencr.org/ | 23.36.77.32 | 200 OK | 346 B |
IP: 23.36.77.32:0 | ASN: #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 3c22f6742a681063615a548ae5fbc532 631eaaad4049c5b6f54eb2b4e127b77240868636 a8e170fec241ad3ec9acc075fa8d7ce2184d129bf69f5ace3e7229aa3bfd59c7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "A8E170FEC241AD3EC9ACC075FA8D7CE2184D129BF69F5ACE3E7229AA3BFD59C7"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9499
Expires: Thu, 01 Dec 2022 02:13:55 GMT
Date: Wed, 30 Nov 2022 23:35:36 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0 | ASN: #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 878b09fbfc6e211b9563cb6e2159ace0 b90946d8d69b02f60b75b42f1ef048311b374855 633a08f91314ecd2fd983dc5415400b0d768befb25f65fcd531df4e95cdaafcb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "633A08F91314ECD2FD983DC5415400B0D768BEFB25F65FCD531DF4E95CDAAFCB"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2168
Expires: Thu, 01 Dec 2022 00:11:44 GMT
Date: Wed, 30 Nov 2022 23:35:36 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 | ASN: #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): dd71cb59bfd5e31191d61da63fec244a 998886e4743fc393838dbee7a6632d392e268e73 54672c525e2462ddbb2e84b80945daede2e13469b8817d636dc12d5bb0b3bc47
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54672C525E2462DDBB2E84B80945DAEDE2E13469B8817D636DC12D5BB0B3BC47"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20332
Expires: Thu, 01 Dec 2022 05:14:28 GMT
Date: Wed, 30 Nov 2022 23:35:36 GMT
Connection: keep-alive
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): 146dac10a93604a686550631e14eefb9 b4af601ce6d515d9ec124938ce626060e0d43099 bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 23:35:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| cdn.cloudimagesb.com/si/47/4e/ca/474ecaa017bb82b0dab11e5d25e3caa6/1669746412.png | 45.133.44.10 | 200 OK | 3.2 kB |
URL HTTP/2cdn.cloudimagesb.com/si/47/4e/ca/474ecaa017bb82b0dab11e5d25e3caa6/1669746412.png IP45.133.44.10:0 ASN#39572 DataWeb Global Group B.V.
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
- data
Hash (MD5 / SHA-1 / SHA-256): fe5edba21d216d6be2024700e9278df9 7e3fc089caa05efea09ff21dbac8a346441aab94 dda094bf95e20b750a993d529b5ea8c02bf082bdf75d54213a636d816f946aae
GET /si/47/4e/ca/474ecaa017bb82b0dab11e5d25e3caa6/1669746412.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:36 GMT
content-type: image/png
content-length: 3187
server: nginx/1.17.6
last-modified: Tue, 29 Nov 2022 18:27:01 GMT
etag: "63864ef5-c73"
expires: Fri, 02 Dec 2022 23:35:36 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| unseenreport.com/pxf.gif?uuid=aaffba01-f6ea-42c9-886c-9f92d1f9a13d&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 | 192.243.61.225 | 200 OK | 1 B |
URL HTTP/1.1unseenreport.com/pxf.gif?uuid=aaffba01-f6ea-42c9-886c-9f92d1f9a13d&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 IP192.243.61.225:0 ASN#39572 DataWeb Global Group B.V.
File type: very short file (no magic)
Hash (MD5 / SHA-1 / SHA-256): 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer: quad9 | Verdict: Sinkholed | Alert: (none listed)
GET /pxf.gif?uuid=aaffba01-f6ea-42c9-886c-9f92d1f9a13d&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 23:35:36 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ef57fafef5b4cc7e4b6be26c82b713f9
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| unseenreport.com/pxf.gif?uuid=aaffba01-f6ea-42c9-886c-9f92d1f9a13d&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 | 192.243.61.225 | 200 OK | 1 B |
URL HTTP/1.1unseenreport.com/pxf.gif?uuid=aaffba01-f6ea-42c9-886c-9f92d1f9a13d&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 IP192.243.61.225:0 ASN#39572 DataWeb Global Group B.V.
File type: very short file (no magic)
Hash (MD5 / SHA-1 / SHA-256): 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /pxf.gif?uuid=aaffba01-f6ea-42c9-886c-9f92d1f9a13d&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 23:35:36 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2ea3f020f8d584e1063c611426a285a3
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js | 172.64.109.13 | 200 OK | 813 B |
URL HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js IP172.64.109.13:0
Hashef045e098bde5bfa706fd6f05b68ed08 2af1f25a077065cae4ddac5e31220b0d52a3266a fa5ddc4d9f38ce4c89a4daaef4c84e931efe4dcae3367f57e0247e8368f57014
GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:36 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:03:44 GMT
etag: W/"6149ca20-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 222573
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kvomC1p0QwFtOzDi%2F2%2Bt%2FKYsEToQLtQ8outPw9QCpP4AYFH9df4VC%2Fo6yDd6qh43FRyfJP16DxAiN0TQ2%2FBogMxezgb1l0nmRMlNcwehpQaQ%2F4MX2Pg80vw2O5lr%2FLBccJMUU%2FX4Symx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77276682cd7b8861-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL HTTP/2fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 IP216.58.207.227:0
File typeWeb Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data Hashe9f5aaf547f165386cd313b995dddd8e acdef5603c2387b0e5bffd744b679a24a8bc1968 f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 14481
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP142.250.74.131:0
Hash608e4d04a251ebcd51660e801f388303 fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 23:35:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 | 216.58.207.227 | 200 OK | 16 kB |
URL HTTP/2fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 IP216.58.207.227:0
File typeWeb Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data Hash15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 14502
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| parkingridiculous.com/pixel/sbs?c=1 | 192.243.61.227 | 200 OK | 0 B |
URL (HTTP/1.1): parkingridiculous.com/pixel/sbs?c=1
IP: 192.243.61.227:0 ASN: #39572 DataWeb Global Group B.V.
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
| quad9 | Sinkholed | |
GET /pixel/sbs?c=1 HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Cookie: u_pl=17334956; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca6b0b8925d9b3a4154c035c24b4ed97e=[3825557]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 23:35:36 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| parkingridiculous.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSujgkRvUTxIijOSRR0tnu6JzOTHKIxRhb3l0lkvYjWr5ktt6arU9U9PbunJQHNcTwExFPvN7tZNy5i%2FoCAzAoiC4LtQRZ0z3pUIScFmdnBxQdV77363uH7vlcfb2ZHxEdGD5fmzbrSms7Uq37lpWUVC5O7ysKNSuBX%2FYuVZRWfjy5W%2BuPL9i4Efr3qv1x5S%2FJVM1PzA98P%2FKByVVnZNv2ZCQqV7LWCasuvRrVqUI%2FQt%2F%2FvXebBUQ%2Bid0SehhLlmZXvH0DxEeLu11ekW01N8sqb3UzT1Fj0xM678Wps8hjdk7JtPbTjnek0jCsJ%2BewUTLwzVQDT2xorAFMl8X4OwOKdKU2w3vYxU6YhYzDxJPLeCFKPoOgI3NyGEj8SgAssLCLu3lswNqdrxygdoyU5%2FegvqLwkp399BnH3q8ta9SvXjc5SZWKHfruA6o%2BgOiMk2T7SdQ8q3wdPb0GJH8jMoznE3a1Fpw2UKCbqlRpBtUfQcgDqPGTjozxkbQ9Z4qErDiu03mr7fqPN2mHYjDjnYch5vXle1EUYNds%2BMj6mN0CaDMD1ANxuILEbWFUD2OwbuJUCTnhwaUm8dzbQEwVySZA7gpwS5IogTwnyXrEttKu54p7QLmPBNNemOSyGJu1s0m2TdmRMNpMj8tTYF%2B%2FxW3tYlYcVep75rNmq1UWLhTQK6hH3wzqvRSySotWQcKqAcqcmUtdVSZ57WEWiSnL2%2FV%2FA6D6c3gdX50Cz50HzYaPmg64Mo6aP9XiPikynr67cvFlNDYQpkKSnka55m%2FqIPDvZz4UP7kLyg9fO%2FhOWd%2Fl9cFsgsQU%2BUt8SdPSd4TWTk61rJnfkwWKSqq5ap%2BPdXU9pKs%2Fcf1uu5caK2StusPs6HwPjcu%2BGdOkcjYWKO458eVkJIe1VY7kkD2fdsmRLmVu5nNk4S%2BaW3rg6202sdE6ZeASqSkI%2B3wVXJXli8MXkX75w4UUoO4LNCnSzAzINKLMPnmzAJQeXPmTz5R%2B7f8MZAqtPZljiIc%2BKoa2xk0etCLQ86Skr4OTBpd%2FfO8fmyz%2FB5H%2BGbLo76FgPNL2NuFugZwv0dAGqB3DZY8M0sQeXfgonAaa9IdPW22La6k%2BPzXXqsFIPItlkzQYXgkkugkYtbIa%2BXxMiarRk0ELqSv7Jb9%2F9CwAA%2F%2F8BAAD%2F%2F1hQ0XJvBAAA | 192.243.61.227 | 200 OK | 7 B |
URL HTTP/1.1parkingridiculous.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSujgkRvUTxIijOSRR0tnu6JzOTHKIxRhb3l0lkvYjWr5ktt6arU9U9PbunJQHNcTwExFPvN7tZNy5i%2FoCAzAoiC4LtQRZ0z3pUIScFmdnBxQdV77363uH7vlcfb2ZHxEdGD5fmzbrSms7Uq37lpWUVC5O7ysKNSuBX%2FYuVZRWfjy5W%2BuPL9i4Efr3qv1x5S%2FJVM1PzA98P%2FKByVVnZNv2ZCQqV7LWCasuvRrVqUI%2FQt%2F%2FvXebBUQ%2Bid0SehhLlmZXvH0DxEeLu11ekW01N8sqb3UzT1Fj0xM678Wps8hjdk7JtPbTjnek0jCsJ%2BewUTLwzVQDT2xorAFMl8X4OwOKdKU2w3vYxU6YhYzDxJPLeCFKPoOgI3NyGEj8SgAssLCLu3lswNqdrxygdoyU5%2FegvqLwkp399BnH3q8ta9SvXjc5SZWKHfruA6o%2BgOiMk2T7SdQ8q3wdPb0GJH8jMoznE3a1Fpw2UKCbqlRpBtUfQcgDqPGTjozxkbQ9Z4qErDiu03mr7fqPN2mHYjDjnYch5vXle1EUYNds%2BMj6mN0CaDMD1ANxuILEbWFUD2OwbuJUCTnhwaUm8dzbQEwVySZA7gpwS5IogTwnyXrEttKu54p7QLmPBNNemOSyGJu1s0m2TdmRMNpMj8tTYF%2B%2FxW3tYlYcVep75rNmq1UWLhTQK6hH3wzqvRSySotWQcKqAcqcmUtdVSZ57WEWiSnL2%2FV%2FA6D6c3gdX50Cz50HzYaPmg64Mo6aP9XiPikynr67cvFlNDYQpkKSnka55m%2FqIPDvZz4UP7kLyg9fO%2FhOWd%2Fl9cFsgsQU%2BUt8SdPSd4TWTk61rJnfkwWKSqq5ap%2BPdXU9pKs%2Fcf1uu5caK2StusPs6HwPjcu%2BGdOkcjYWKO458eVkJIe1VY7kkD2fdsmRLmVu5nNk4S%2BaW3rg6202sdE6ZeASqSkI%2B3wVXJXli8MXkX75w4UUoO4LNCnSzAzINKLMPnmzAJQeXPmTz5R%2B7f8MZAqtPZljiIc%2BKoa2xk0etCLQ86Skr4OTBpd%2FfO8fmyz%2FB5H%2BGbLo76FgPNL2NuFugZwv0dAGqB3DZY8M0sQeXfgonAaa9IdPW22La6k%2BPzXXqsFIPItlkzQYXgkkugkYtbIa%2BXxMiarRk0ELqSv7Jb9%2F9CwAA%2F%2F8BAAD%2F%2F1hQ0XJvBAAA IP192.243.61.227:0 ASN#39572 DataWeb Global Group B.V.
File type: ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 132d6af1b46048b45cf86cdee7991d31 eb7007d03d59b65bc6da7e098c4d38fc6dfb6285 ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
| quad9 | Sinkholed | |
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSujgkRvUTxIijOSRR0tnu6JzOTHKIxRhb3l0lkvYjWr5ktt6arU9U9PbunJQHNcTwExFPvN7tZNy5i%2FoCAzAoiC4LtQRZ0z3pUIScFmdnBxQdV77363uH7vlcfb2ZHxEdGD5fmzbrSms7Uq37lpWUVC5O7ysKNSuBX%2FYuVZRWfjy5W%2BuPL9i4Efr3qv1x5S%2FJVM1PzA98P%2FKByVVnZNv2ZCQqV7LWCasuvRrVqUI%2FQt%2F%2FvXebBUQ%2Bid0SehhLlmZXvH0DxEeLu11ekW01N8sqb3UzT1Fj0xM678Wps8hjdk7JtPbTjnek0jCsJ%2BewUTLwzVQDT2xorAFMl8X4OwOKdKU2w3vYxU6YhYzDxJPLeCFKPoOgI3NyGEj8SgAssLCLu3lswNqdrxygdoyU5%2FegvqLwkp399BnH3q8ta9SvXjc5SZWKHfruA6o%2BgOiMk2T7SdQ8q3wdPb0GJH8jMoznE3a1Fpw2UKCbqlRpBtUfQcgDqPGTjozxkbQ9Z4qErDiu03mr7fqPN2mHYjDjnYch5vXle1EUYNds%2BMj6mN0CaDMD1ANxuILEbWFUD2OwbuJUCTnhwaUm8dzbQEwVySZA7gpwS5IogTwnyXrEttKu54p7QLmPBNNemOSyGJu1s0m2TdmRMNpMj8tTYF%2B%2FxW3tYlYcVep75rNmq1UWLhTQK6hH3wzqvRSySotWQcKqAcqcmUtdVSZ57WEWiSnL2%2FV%2FA6D6c3gdX50Cz50HzYaPmg64Mo6aP9XiPikynr67cvFlNDYQpkKSnka55m%2FqIPDvZz4UP7kLyg9fO%2FhOWd%2Fl9cFsgsQU%2BUt8SdPSd4TWTk61rJnfkwWKSqq5ap%2BPdXU9pKs%2Fcf1uu5caK2StusPs6HwPjcu%2BGdOkcjYWKO458eVkJIe1VY7kkD2fdsmRLmVu5nNk4S%2BaW3rg6202sdE6ZeASqSkI%2B3wVXJXli8MXkX75w4UUoO4LNCnSzAzINKLMPnmzAJQeXPmTz5R%2B7f8MZAqtPZljiIc%2BKoa2xk0etCLQ86Skr4OTBpd%2FfO8fmyz%2FB5H%2BGbLo76FgPNL2NuFugZwv0dAGqB3DZY8M0sQeXfgonAaa9IdPW22La6k%2BPzXXqsFIPItlkzQYXgkkugkYtbIa%2BXxMiarRk0ELqSv7Jb9%2F9CwAA%2F%2F8BAAD%2F%2F1hQ0XJvBAAA HTTP/1.1
Host: parkingridiculous.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Cookie: u_pl=17334956; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca6b0b8925d9b3a4154c035c24b4ed97e=[3825557]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 30 Nov 2022 23:35:36 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e3d559410539c38a3d639be6ce66d8f6
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP142.250.74.131:0
Hash608e4d04a251ebcd51660e801f388303 fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 23:35:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.globalsign.com/gseccovsslca2018 | 151.101.66.133 | 200 OK | 937 B |
URL HTTP/1.1ocsp.globalsign.com/gseccovsslca2018 IP151.101.66.133:0
Hashf5a1c138719da815b43e2890ad45f80b be8bae7db5c17b291bab74b4a43db37acdd64654 e0deae874a23209efe43f07257d84e9638c46966a8b4fcb751ab4025a0cd3669
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 937
Server: nginx
Content-Type: application/ocsp-response
Expires: Sun, 04 Dec 2022 21:50:08 GMT
ETag: "be8bae7db5c17b291bab74b4a43db37acdd64654"
Last-Modified: Wed, 30 Nov 2022 21:50:09 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 30 Nov 2022 23:35:38 GMT
Age: 2727
X-Served-By: cache-qpg1244-QPG, cache-bma1667-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 19, 8
X-Timer: S1669851338.447641,VS0,VE0
|
|
| s.w.org/images/core/emoji/14.0.0/svg/1f4a6.svg | 192.0.77.48 | 200 OK | 1.7 kB |
URL HTTP/2s.w.org/images/core/emoji/14.0.0/svg/1f4a6.svg IP192.0.77.48:0
File typeSVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (517), with no line terminators Hash7f6fecda358ea300b44a182bf097369b d945aaf652ab49fab4202b3efe38fdcdc7a2cfc9 6680ddfe65383200a5e3f41b3389c5c649bf198fff4f43f2cdd5226b75b484bf
GET /images/core/emoji/14.0.0/svg/1f4a6.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/svg+xml
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html | 45.133.44.3 | 200 OK | 887 B |
URL (HTTP/2): cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
IP: 45.133.44.3:0 ASN: #39572 DataWeb Global Group B.V.
Hash (MD5 / SHA-1 / SHA-256): b3606cef4adc8b62f26588a77842a3a7 dbe7c81a12cea665bdc4b3f7d50d88601e75cb20 068c362db8dcab04177add2de6bd51b6e3c9e7e02f9ec72f5ff6dbb0e514aaf0
| Analyzer | Verdict | Alert |
| fortinet | Phishing | |
GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: W/"6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Thu, 01 Dec 2022 00:35:35 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
|
|
| mc.yandex.ru/metrika/tag.js | 87.250.250.119 | 200 OK | 73 kB |
URL HTTP/2mc.yandex.ru/metrika/tag.js IP87.250.250.119:0
File typeUnicode text, UTF-8 (with BOM) text, with very long lines (587) Hash1d79426653c3b55939eaec59a2ce8ef5 c6db0314df7a4e5c08047f6306e0b79a1ad3bab2 2729cfe8b2f5142cf99734cbb4e1a3c6cd35868d279cd796db49ef62742ef993
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73267
date: Wed, 30 Nov 2022 23:35:38 GMT
access-control-allow-origin: *
etag: "63875d46-11e33"
expires: Thu, 01 Dec 2022 00:35:38 GMT
last-modified: Wed, 30 Nov 2022 16:40:22 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
|
|
| mc.yandex.ru/metrika/advert.gif | 87.250.250.119 | 200 OK | 43 B |
URL HTTP/2mc.yandex.ru/metrika/advert.gif IP87.250.250.119:0
File typeGIF image data, version 89a, 1 x 1\012- data Hashdf3e567d6f16d040326c7a0ea29a4f41 ea7df583983133b62712b5e73bffbcd45cc53736 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 30 Nov 2022 23:35:38 GMT
access-control-allow-origin: *
etag: "63875d46-2b"
expires: Thu, 01 Dec 2022 00:35:38 GMT
accept-ranges: bytes
last-modified: Wed, 30 Nov 2022 16:40:22 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
|
|
| friendshipmale.com/sfp.js | 172.64.109.35 | 200 OK | 0 B |
URL HTTP/2friendshipmale.com/sfp.js IP172.64.109.35:0
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:34 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 25f92bb393bf2fb0fa6e1b7f891ddb0b
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 30 Nov 2022 23:35:33 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uWEaA35O15sU0IwxMDVSKWgrpYa9vD2OvwfKkZjNApuZ0YQ%2FQ4QUu9W5Nm55hI0NbEu7jkDBTBlwxVIUFwEFJ2OJyKzVafCJgeBf2EyNqMBUwZYsKHM6y421bR4xHsqTAoOnT2A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7727667598c77413-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| s.w.org/images/core/emoji/14.0.0/svg/1f4e5.svg | 192.0.77.48 | 200 OK | 0 B |
URL HTTP/2s.w.org/images/core/emoji/14.0.0/svg/1f4e5.svg IP192.0.77.48:0
GET /images/core/emoji/14.0.0/svg/1f4e5.svg HTTP/1.1
Host: s.w.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 23:35:35 GMT
content-type: image/svg+xml
last-modified: Tue, 12 Apr 2022 03:53:43 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn 1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| unpkg.com/@silvermine/videojs-quality-selector@1.2.4/dist/js/silvermine-videojs-quality-selector.min.js | 104.16.125.175 | 200 OK | 0 B |
URL HTTP/2unpkg.com/@silvermine/videojs-quality-selector@1.2.4/dist/js/silvermine-videojs-quality-selector.min.js IP104.16.125.175:0
GET /@silvermine/videojs-quality-selector@1.2.4/dist/js/silvermine-videojs-quality-selector.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xxxfree.watch/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"5acc-q2POJTFsNAdkUTsA1IhV3IUmXP0"
via: 1.1 fly.io
fly-request-id: 01F3YGTF8JRQD6FT3WSZ9G9XWN
cf-cache-status: HIT
age: 19162100
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7727666b6ae20b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| a.realsrv.com/iframe.php?idzone=4672840&size=300x250 | 185.76.9.22 | 200 OK | 0 B |
URL HTTP/2a.realsrv.com/iframe.php?idzone=4672840&size=300x250 IP185.76.9.22:0 ASN#60068 Datacamp Limited
GET /iframe.php?idzone=4672840&size=300x250 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 01 Dec 2022 01:56:03 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: EXPIRED
x-accel-expires: @1669859763
server: CDN77-Turbo
x-77-nzt: AblMCRScx3j/QQkAAA
x-77-nzt-ray: af5856300194da99c4e88763ef49951d
x-cache: HIT
x-age: 2369
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
|
|
| a.realsrv.com/iframe.js?idzone=4672840&size=300x250 | 185.76.9.22 | 200 OK | 0 B |
URL HTTP/2a.realsrv.com/iframe.js?idzone=4672840&size=300x250 IP185.76.9.22:0 ASN#60068 Datacamp Limited
GET /iframe.js?idzone=4672840&size=300x250 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4672840&size=300x250
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226387e8c4941221.757334201856422759%22%3B%7D; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4713906%7C23975185%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7Cde2c63e04e55b99355cdde1a6b9b213f%7C0%7Cxxxfree.watch%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: application/javascript
etag: W/"8d0c89fff2e0e92a59e7ce04232"
expires: Tue, 29 Nov 2022 13:18:31 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669860534
server: CDN77-Turbo
x-77-nzt: AblMCRQIbCv/PgYAAA
x-77-nzt-ray: af5856300194da99c4e88763620a982d
x-cache: HIT
x-age: 1598
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
|
|
| www.sizokiwhe.pro/eac240/896c4467b56b.js | 67.216.91.19 | 200 OK | 0 B |
URL HTTP/2www.sizokiwhe.pro/eac240/896c4467b56b.js IP67.216.91.19:0
GET /eac240/896c4467b56b.js HTTP/1.1
Host: www.sizokiwhe.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: text/plain
Origin: https://xxxfree.watch
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ucdn/1.22.1
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315357868, public
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsog41fW3hOd965Uj5PfSqLO3GY8s5N7WkiuyFrNS0bW2GjDED1Td4QszNpqMuQg55RKoY6ehLyvar8c574+4+Vt
x-served-from: l1
x-vhostid: 145, 21776
content-encoding: br
X-Firefox-Spdy: h2
|
|
| www.sizokiwhe.pro/eac240/896c4467b56b.js | 67.216.91.19 | 200 OK | 0 B |
URL HTTP/2www.sizokiwhe.pro/eac240/896c4467b56b.js IP67.216.91.19:0
GET /eac240/896c4467b56b.js HTTP/1.1
Host: www.sizokiwhe.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ucdn/1.22.1
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: application/javascript
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315357868, public
x-ureq-id: XDrrrzssYKy7XniAYHDaCxO/1BtQYlPAo1HVcwFLMsog41fW3hOd965Uj5PfSqLO3GY8s5N7WkiuyFrNS0bW2GjDED1Td4QszNpqMuQg55RKoY6ehLyvar8c574+4+Vt
x-served-from: l1
x-vhostid: 145, 21615
content-encoding: br
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js | 172.64.109.13 | 200 OK | 0 B |
URL HTTP/2cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js IP172.64.109.13:0
GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:36 GMT
content-type: application/javascript
last-modified: Tue, 21 Sep 2021 12:03:44 GMT
etag: W/"6149ca20-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1331062
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rd1PSmoi9QmugXnT3nrkVxrqIsi4zgFNIl4m9PiuvZJ20fYou1wiJzrsHieFvt6plIFrfld7EpYim8fa0Rqb9RLpXn6yn0ELV7nXKFPa46HMZA5bgQHvaISN%2Fax1wod72bnsvZZ1P%2B1%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772766824ca68861-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| woffxxx.com/e/eFNGajN2SmRQQ3ZHb1NBeGE0cnRkdz09 | 104.21.75.240 | 200 OK | 0 B |
URL HTTP/2woffxxx.com/e/eFNGajN2SmRQQ3ZHb1NBeGE0cnRkdz09 IP104.21.75.240:0
GET /e/eFNGajN2SmRQQ3ZHb1NBeGE0cnRkdz09 HTTP/1.1
Host: woffxxx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
link: <//woffxxx.com>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//signal.netu.tv>; rel=dns-prefetch; crossorigin,<//wss.commentsengine.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//deliver.vkcdnservice.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
x-origin-location: player
cache-control: public, stale-if-error=30, max-age=30
x-cache-status-inferno: MISS
x-inferno-location: player
x-inferno-limit-req: PASSED
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uI6AAMlY9kmgVRMI5IEhsbb38c4%2FgvGBX8wnxn%2FrdBditKFvdMQm9wLodnB%2FsOM7jj4RLx8sZ%2BXVD2Sk4hcOfRD99PEGlW48xnA8zK6uAtd%2FPH%2FfR9DnYc%2FdiJuQfg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7727666d5eb11c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| a.realsrv.com/iframe.js?idzone=4673696&size=300x100 | 185.76.9.22 | 200 OK | 0 B |
URL HTTP/2 a.realsrv.com/iframe.js?idzone=4673696&size=300x100 IP 185.76.9.22:0 ASN#60068 Datacamp Limited
GET /iframe.js?idzone=4673696&size=300x100 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4673696&size=300x100
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: application/javascript
etag: W/"7fe15487765338e538379e9afad"
expires: Tue, 29 Nov 2022 13:18:31 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669860530
server: CDN77-Turbo
x-77-nzt: AblMCRRpZHb/QgYAAA
x-77-nzt-ray: af5856300194da99c4e8876330a50d20
x-cache: HIT
x-age: 1602
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
|
|
| unpkg.com/jquery@2.2.4/dist/jquery.min.js | 104.16.125.175 | 200 OK | 0 B |
URL HTTP/2 unpkg.com/jquery@2.2.4/dist/jquery.min.js IP 104.16.125.175:0
GET /jquery@2.2.4/dist/jquery.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Fri, 20 May 2016 17:24:42 GMT
etag: W/"14e4a-abtp4lyn1e8JNTF1hOYVPz/ZqIw"
via: 1.1 fly.io
fly-request-id: 01G754SVY4BFC19MXYRYRMED91-fra
cf-cache-status: HIT
age: 12894833
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7727666e4cda0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css | 172.64.109.13 | 200 OK | 0 B |
URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css IP 172.64.109.13:0
GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:36 GMT
content-type: text/css
last-modified: Tue, 21 Sep 2021 12:03:42 GMT
etag: W/"6149ca1e-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 222573
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LgQl0s%2Fy9uUmnOcN1MjNKR%2FVUSi3nZC40eZkomSEj6vXWF342DkWzqcJyUUdI6IaRRtuBYs%2F3rgk5%2B2Glv0K7%2BTVwghb9WGQ3J6eaDnHF95Tma7rR9Yo%2B7Kh%2F1ddjtcoZY7O9EMA%2Bv5c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772766823c878861-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css | 172.64.109.13 | 200 OK | 0 B |
URL HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css IP 172.64.109.13:0
GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://woffxxx.com
Connection: keep-alive
Referer: https://woffxxx.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:36 GMT
content-type: text/css
last-modified: Tue, 21 Sep 2021 12:03:42 GMT
etag: W/"6149ca1e-d31"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 222573
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FNBD7abARgqJVQxSqHx3F6S6vXkJiBH7rHgCpwMEt3JNak9XubkLdPH6JBed9wl8StaBot9DH2xQRIcwSfXDndsTgnM%2FbcDhJXu%2BMsvpYFtzsbsZslJeeTeiB4gLzf%2F0PxfVD8WP8tGd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 772766823c928861-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| xxxfree.watch/hegre-helga/ | 104.21.72.141 | 200 OK | 0 B |
URL HTTP/2 xxxfree.watch/hegre-helga/ IP 104.21.72.141:0
GET /hegre-helga/ HTTP/1.1
Host: xxxfree.watch
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33, PleskLin
last-modified: Tue, 29 Nov 2022 09:30:59 GMT
vary: Accept-Encoding
cache-control: max-age=0
expires: Wed, 30 Nov 2022 23:35:32 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sdj%2FReGE%2ByJ8fMJ5gha18gBFpyJKtLfYGlHXt0Gg3lQicgg0RZEHEHTNlDiJFDcQHpz3%2ByHVhuPqZC6YbwHUIkZd1Evva9uD7s6fPaL%2BkVQTe0QVDiCWMhsghDaXzCnN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77276668eed3fac8-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| a.realsrv.com/nativeads-v2.js | 185.76.9.22 | 200 OK | 0 B |
URL HTTP/2 a.realsrv.com/nativeads-v2.js IP 185.76.9.22:0 ASN#60068 Datacamp Limited
GET /nativeads-v2.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: application/javascript
etag: W/"3eb4c0066ecfc78c36ab17afea4"
expires: Tue, 29 Nov 2022 13:18:12 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669857544
server: CDN77-Turbo
x-77-nzt: AblMCRSdf2T/7BEAAA
x-77-nzt-ray: af5856300194da99c4e88763aae19011
x-cache: HIT
x-age: 4588
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
|
|
| a.realsrv.com/ad-provider.js | 185.76.9.22 | 200 OK | 0 B |
URL HTTP/2 a.realsrv.com/ad-provider.js IP 185.76.9.22:0 ASN#60068 Datacamp Limited
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.realsrv.com/iframe.php?idzone=4673696&size=300x100
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: application/javascript
etag: W/"f26c91d131ffc1bbddb296d644e"
expires: Tue, 29 Nov 2022 13:18:12 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669857544
server: CDN77-Turbo
x-77-nzt: AblMCRROXoL/7BEAAA
x-77-nzt-ray: af5856300194da99c4e887638362a21f
x-cache: HIT
x-age: 4588
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap | 142.250.74.106 | 200 OK | 0 B |
URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap IP 142.250.74.106:0
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 30 Nov 2022 23:35:36 GMT
date: Wed, 30 Nov 2022 23:35:36 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
|
|
| a.realsrv.com/iframe.php?idzone=4673696&size=300x100 | 185.76.9.22 | 200 OK | 0 B |
URL HTTP/2 a.realsrv.com/iframe.php?idzone=4673696&size=300x100 IP 185.76.9.22:0 ASN#60068 Datacamp Limited
GET /iframe.php?idzone=4673696&size=300x100 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 01 Dec 2022 01:54:24 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: EXPIRED
x-accel-expires: @1669859664
server: CDN77-Turbo
x-77-nzt: AblMCRSQpYz/pAkAAA
x-77-nzt-ray: af5856300194da99c4e88763c9cb521a
x-cache: HIT
x-age: 2468
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
|
|
| fickle-brush.com/cnDW9z6eb.2a5AlxSXW/Qx9-NHD/EYzmNyTwk_2pMzCS0/0TMSTGMS1qOST/YjxV | 188.72.219.35 | 200 OK | 0 B |
URL HTTP/2 fickle-brush.com/cnDW9z6eb.2a5AlxSXW/Qx9-NHD/EYzmNyTwk_2pMzCS0/0TMSTGMS1qOST/YjxV IP 188.72.219.35:0
GET /cnDW9z6eb.2a5AlxSXW/Qx9-NHD/EYzmNyTwk_2pMzCS0/0TMSTGMS1qOST/YjxV HTTP/1.1
Host: fickle-brush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xxxfree.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 23:35:32 GMT
content-type: application/javascript
vary: Accept-Encoding
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
last-modified: Wed, 30 Nov 2022 23:35:32 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
set-cookie: kadSlcJ=eyJ0aW1lU3RhbXAiOjE2Njk4NTA3MDUsInpvbmVzIjp7IjQxMzU5NjAiOls0MTM1OTYwLDIsMTY2OTg1MTMzMl0sIjQyMzYyNDMiOls0MjM2MjQzLDEsMTY2OTg1MDcwNV19fQ==; max-age=1701387332; path=/
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
|
|