discordvoicebot.xyz/%D8%AA%D9%88%D8%B5%D9%8A%D9%84.html
188.114.97.1301 Moved Permanently 0 B URL HTTP/1.1 discordvoicebot.xyz/%D8%AA%D9%88%D8%B5%D9%8A%D9%84.html
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /%D8%AA%D9%88%D8%B5%D9%8A%D9%84.html HTTP/1.1
Host: discordvoicebot.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 29 Mar 2023 14:23:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 29 Mar 2023 15:23:22 GMT
Location: https://discordvoicebot.xyz/%D8%AA%D9%88%D8%B5%D9%8A%D9%84.html
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v0SkMcL9QWCN8rQD%2FntJ5BIdxsKUPdOq87Wr%2BIrrkC85sFl9vAF2TdBYPxeQ1GlKr%2FNTcTLdri8v6EMx1kBFw1Qy78AL62GU2%2BlH2xulZNPEZUXEtAc903mRW%2F%2BEXN2bqwdzT2UM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7af8c5382de70b4d-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15849
Expires: Wed, 29 Mar 2023 18:47:32 GMT
Date: Wed, 29 Mar 2023 14:23:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4687
Expires: Wed, 29 Mar 2023 15:41:30 GMT
Date: Wed, 29 Mar 2023 14:23:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Length, Content-Type, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 29 Mar 2023 13:28:09 GMT
content-type: application/json
age: 3314
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c0d9353dc46e88bf564ed464b0b073c7
0b5ce170e7db24267a3ba5b79a48548b1acd2e5b
7c7ef189b14109b44aa96454ea1b94bcbd3d69599cc7ba429f8234f6acd88a9b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7C7EF189B14109B44AA96454EA1B94BCBD3D69599CC7BA429F8234F6ACD88A9B"
Last-Modified: Mon, 27 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11606
Expires: Wed, 29 Mar 2023 17:36:49 GMT
Date: Wed, 29 Mar 2023 14:23:23 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Mr0J/Eq+Q8v2aXThuXJJzTwVQ3LTn0FRnJV1iHuWgsaRG6I4fp2Jgu7QVi91xw0Ftxd1HR4EiHg=
x-amz-request-id: 29B3XTC5W6EVSRC8
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 29 Mar 2023 14:02:31 GMT
age: 1252
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 14:23:23 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bfa3fc96de14a80af0187a7c3ee285d4
e60c9b3124ec2a611286af0b777319cf10230c1b
ccdfe9029ede4a2535fb88ed1d74b419cf65a63b204e7d28f215722c6fdd160b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:23:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6d41684acbe3039969654ece36adcae2
31142aa2c94257d55f110c89cd9a6307efa7cd70
fac6ec5aea166bdc1a7f8d0f7a7c93b18e16db0df9f3c2c1abc6e59f5ddcc7f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:23:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6d41684acbe3039969654ece36adcae2
31142aa2c94257d55f110c89cd9a6307efa7cd70
fac6ec5aea166bdc1a7f8d0f7a7c93b18e16db0df9f3c2c1abc6e59f5ddcc7f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:23:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi_webp/ggYcOCfawac/hqdefault.webp
142.250.74.182200 OK 42 kB URL HTTP/2 i.ytimg.com/vi_webp/ggYcOCfawac/hqdefault.webp
IP 142.250.74.182:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 480x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ea8aabf534d08cb9b1c68139608f1dae
d69b8baca721cc7d869f2484f5e9834df2c9a7ff
cf9dc69c3bb2fb3493190e4ed72d92e8b6536817a9ef4ce63449332c1f0eb923
GET /vi_webp/ggYcOCfawac/hqdefault.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://discordvoicebot.xyz/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/webp
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 41810
date: Wed, 29 Mar 2023 14:23:23 GMT
expires: Wed, 29 Mar 2023 16:23:23 GMT
cache-control: public, max-age=7200
etag: "1645867896"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash bfa3fc96de14a80af0187a7c3ee285d4
e60c9b3124ec2a611286af0b777319cf10230c1b
ccdfe9029ede4a2535fb88ed1d74b419cf65a63b204e7d28f215722c6fdd160b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:23:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi_webp/9PGvOWTfVxw/hqdefault.webp
142.250.74.182200 OK 41 kB URL HTTP/2 i.ytimg.com/vi_webp/9PGvOWTfVxw/hqdefault.webp
IP 142.250.74.182:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 480x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6bb57023d26a52a691824d67120e4e6b
95aeac9896fae2d9cef6a85d5dbd5da0091bdd54
013fe1abc3e96a56aa83d41716d162c376940f49cb225fae8432a5d2aea2d07f
GET /vi_webp/9PGvOWTfVxw/hqdefault.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://discordvoicebot.xyz/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/webp
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 40578
date: Wed, 29 Mar 2023 14:23:23 GMT
expires: Wed, 29 Mar 2023 16:23:23 GMT
cache-control: public, max-age=7200
etag: "1649618120"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6d41684acbe3039969654ece36adcae2
31142aa2c94257d55f110c89cd9a6307efa7cd70
fac6ec5aea166bdc1a7f8d0f7a7c93b18e16db0df9f3c2c1abc6e59f5ddcc7f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:23:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a740252e7b24892a3e34f6dfed6e3bde
d44d21abb95edd1ccc775632254f11ee94fb585e
e289995a2b4b340364dd7dfa32c79c7722ece6cc4b893b38fc68bbce680d2f94
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E289995A2B4B340364DD7DFA32C79C7722ECE6CC4B893B38FC68BBCE680D2F94"
Last-Modified: Mon, 27 Mar 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4387
Expires: Wed, 29 Mar 2023 15:36:30 GMT
Date: Wed, 29 Mar 2023 14:23:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, ETag, Alert, Last-Modified, Retry-After, Content-Length, Pragma, Backoff, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 29 Mar 2023 14:14:36 GMT
age: 527
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.117.65.55101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.117.65.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AzmBfMo2qCF3I1re4Gnbsg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: k6CatyHzS0T6Q2ZOjFcridU2aBI=
Date: Wed, 29 Mar 2023 14:23:23 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 206fc87a7346ff834cbc81b65f949e7d
99d56699f8d827c671ed608a71133c1037aa3989
717a705a3cfc42772449d0ea335129f02865f4485987e5e2e3bec33808b960f0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "717A705A3CFC42772449D0EA335129F02865F4485987E5E2E3BEC33808B960F0"
Last-Modified: Mon, 27 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6840
Expires: Wed, 29 Mar 2023 16:17:23 GMT
Date: Wed, 29 Mar 2023 14:23:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ca3d440c3527af3f3d2c071188c1cc3a
01cd29ee7d3b9136046d3f2139b09bfa01d6c049
3d8d262e2de41472ea2760ffdcbc7a3c3c2d940aa0913105579c3cad918b6457
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3D8D262E2DE41472EA2760FFDCBC7A3C3C2D940AA0913105579C3CAD918B6457"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11597
Expires: Wed, 29 Mar 2023 17:36:41 GMT
Date: Wed, 29 Mar 2023 14:23:24 GMT
Connection: keep-alive
my.rtmark.net/img.gif?f=merge&userId=068c912218dd4f3aa5889a10f7c3a034
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=068c912218dd4f3aa5889a10f7c3a034
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=068c912218dd4f3aa5889a10f7c3a034 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://whairtoa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 14:23:24 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=068c912218dd4f3aa5889a10f7c3a034; expires=Thu, 28 Mar 2024 14:23:24 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
whairtoa.com/?z=4138880&syncedCookie=true&rhd=false
139.45.197.238302 Found 0 B URL HTTP/2 whairtoa.com/?z=4138880&syncedCookie=true&rhd=false
IP 139.45.197.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /?z=4138880&syncedCookie=true&rhd=false HTTP/1.1
Host: whairtoa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 438
Origin: https://whairtoa.com
Connection: keep-alive
Referer: https://whairtoa.com/afu.php?zoneid=4138880&var=4138880&rid=JHNm_wZ53kVd83gjBBvFMw%3D%3D&rhd=false
Cookie: OAID=068c912218dd4f3aa5889a10f7c3a034; oaidts=1680099803
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 29 Mar 2023 14:23:24 GMT
content-length: 0
location: https://spo76rt28r.com/news.php?key=kzpgib0wc95k23usqnoz&SUBID=664949372718690975&cost=0.004524&zoneid=4138880&browser=firefox&bannerid=12029653&device=desktop&zone_type={zone_type}&country=NO&os=windows&osversion=win10&carrier=?&user_activity=high&rdk=rk3
x-trace-id: 6e41b9dc4d740be69528187109a0f623
link: <https://spo76rt28r.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
access-control-allow-origin: https://whairtoa.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=068c912218dd4f3aa5889a10f7c3a034; expires=Thu, 28 Mar 2024 14:23:24 GMT; path=/; secure; SameSite=None
oaidts=1680099803; expires=Thu, 28 Mar 2024 14:23:24 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 05 Apr 2023 14:23:24 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 02fd35e384150ca01d4a4e07c3f4db1e
ac91484101cceed90bf1ccb51471da33157077b3
561b06bfc84b34f6a76d32b47a9a0fd570a3ad484b258d137a56d8246419b090
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 29 Mar 2023 14:23:24 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 27 Mar 2023 02:07:09 GMT
Expires: Mon, 03 Apr 2023 02:07:08 GMT
Etag: "ac91484101cceed90bf1ccb51471da33157077b3"
Cache-Control: max-age=387223,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7af8c53fe90db4f1-OSL
spo76rt28r.com/news.php?key=kzpgib0wc95k23usqnoz&SUBID=664949372718690975&cost=0.004524&zoneid=4138880&browser=firefox&bannerid=12029653&device=desktop&zone_type={zone_type}&country=NO&os=windows&osversion=win10&carrier=?&user_activity=high&rdk=rk3
78.46.92.254302 Found 0 B URL HTTP/1.1 spo76rt28r.com/news.php?key=kzpgib0wc95k23usqnoz&SUBID=664949372718690975&cost=0.004524&zoneid=4138880&browser=firefox&bannerid=12029653&device=desktop&zone_type={zone_type}&country=NO&os=windows&osversion=win10&carrier=?&user_activity=high&rdk=rk3
IP 78.46.92.254:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /news.php?key=kzpgib0wc95k23usqnoz&SUBID=664949372718690975&cost=0.004524&zoneid=4138880&browser=firefox&bannerid=12029653&device=desktop&zone_type={zone_type}&country=NO&os=windows&osversion=win10&carrier=?&user_activity=high&rdk=rk3 HTTP/1.1
Host: spo76rt28r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Wed, 29 Mar 2023 14:23:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=oj9lik168n; expires=Thu, 30-Mar-2023 14:23:24 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=oj9lik168n-oj9lik168n-p2-h9wj-8rwj-2tx9-he4k-1d3a46; expires=Thu, 30-Mar-2023 14:23:24 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://bo2217ok3tro9.com/1/?lpkey=16c2804a1077012704&uclick=oj9lik168n&uclickhash=oj9lik168n-oj9lik168n-p2-h9wj-8rwj-2tx9-he4k-1d3a46
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000
bo2217ok3tro9.com/1/?lpkey=16c2804a1077012704&uclick=oj9lik168n&uclickhash=oj9lik168n-oj9lik168n-p2-h9wj-8rwj-2tx9-he4k-1d3a46
78.46.92.254200 OK 1.4 kB URL HTTP/1.1 bo2217ok3tro9.com/1/?lpkey=16c2804a1077012704&uclick=oj9lik168n&uclickhash=oj9lik168n-oj9lik168n-p2-h9wj-8rwj-2tx9-he4k-1d3a46
IP 78.46.92.254:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash 0bbb113ff85b78b6485a9783946e6948
8663005f0ad88c2a768937edb56177387103594d
70c7e9fa94eb5b8fb5b61e0ee25167ace062bea13773331f7d02814822fbf004
GET /1/?lpkey=16c2804a1077012704&uclick=oj9lik168n&uclickhash=oj9lik168n-oj9lik168n-p2-h9wj-8rwj-2tx9-he4k-1d3a46 HTTP/1.1
Host: bo2217ok3tro9.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 29 Mar 2023 14:23:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f963800b69e4efd29c7389de243002ae
24d5d79582fc3d78e1e7fdd40ea8713083605cf3
ce00c7bfaed0249e80deca031fefb6074f803d85b81086705f868c0e7e89ca57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:23:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js
216.58.207.228200 OK 556 B URL HTTP/2 www.google.com/recaptcha/api.js
IP 216.58.207.228:0
File type ASCII text, with very long lines (850), with no line terminators
Hash 96cdecb9778a09f65c6d23dff412fb67
c0364916c9d6a7eef2d01e5c9378e7d8acdb1faa
1a5b861d652f80c7ab9e4abb56eab3de9ccb5a019c2111888594aee405f1e45c
GET /recaptcha/api.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bo2217ok3tro9.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Wed, 29 Mar 2023 14:23:25 GMT
date: Wed, 29 Mar 2023 14:23:25 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 556
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 69d033c232e94b122a0b66e4733f1d57
dca98865e28271c9eafc7307850dbce5126c1a86
d80b57ddab8c2898af0939a454bb1296abd2f964c3bf3eaea2bab7c225d73490
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:23:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
whairtoa.com/4/4138880
139.45.197.238200 OK 12 kB IP 139.45.197.238:0
Hash 8514a796fbc259673b3310c61f91058f
5dae83832263864a507df9d0317a986a69937ff2
1966649658764ed75980389d4cbc55e1a38b27bc05b9d509d0afc5b38b652503
GET /4/4138880 HTTP/1.1
Host: whairtoa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 29 Mar 2023 14:23:23 GMT
content-type: text/html; charset=utf8
x-trace-id: 81eddcef890d349cd837490dead7ee53
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-credentials: true
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=068c912218dd4f3aa5889a10f7c3a034; expires=Thu, 28 Mar 2024 14:23:23 GMT; path=/; secure; SameSite=None
oaidts=1680099803; expires=Thu, 28 Mar 2024 14:23:23 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Accept, Content-Type, Content-Length, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-547JG5H
142.250.74.168200 OK 40 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-547JG5H
IP 142.250.74.168:0
File type ASCII text, with very long lines (2206)
Hash 356a93b7efbe70b5821d476feb2a0ddb
5df45dae64a29fc545b9da5494233b5ba8bff3f1
ed82e7a6dc7a13f3e1847956f65ba51f8aedcabacb28fb301223acc2c9ebddda
GET /gtm.js?id=GTM-547JG5H HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bo2217ok3tro9.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 29 Mar 2023 14:23:25 GMT
expires: Wed, 29 Mar 2023 14:23:25 GMT
cache-control: private, max-age=900
last-modified: Wed, 29 Mar 2023 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 39752
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e10c0c62a68346a599a245ad2d85fbbe
a79383efdb28292b6e2112da2344915a97eb7888
b239a83a0672895d5960617bba31f4404a4c103eec12d4e975aaf51204e1f953
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:23:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
unpkg.com/axios@1.3.4/dist/axios.min.js
104.16.123.175200 OK 74 kB URL HTTP/2 unpkg.com/axios@1.3.4/dist/axios.min.js
IP 104.16.123.175:0
File type ASCII text, with very long lines (31556)
Hash 84cc48b2ffd72908cca28247483feeac
4755d71adc2884e6de95d5125357071b8011e818
3e8f9690a16f9aa513439de5fec8128b308d413e8fb3b7bcd2abd8036d004151
GET /axios@1.3.4/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bo2217ok3tro9.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:23:25 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7b6b-klAOkX2xUwYgvQjwva/+jvZTWJ8"
via: 1.1 fly.io
fly-request-id: 01GSXFKVN7XPGV27JZ46PGZMKM-fra
cf-cache-status: HIT
age: 2999360
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7af8c545effb069b-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e74baca1ac97b7e56ede5d3c6275b0b6
42d00f7402dff5c40a733d0b13d0bf97f779d072
d270ad25df7752707d30a41ddd2aef306c10d0396baccaa25ffd98fb148acaf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:23:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bo2217ok3tro9.com/favicon.png
78.46.92.254404 Not Found 114 B URL HTTP/1.1 bo2217ok3tro9.com/favicon.png
IP 78.46.92.254:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash b9841984dca9ab290d79563f36ae6d8d
35a6cc4edf0c92bd155144871968659dafb4d1c3
546c212f587bf539f97ed64bbc3ae6c09bd7ee64976e71f091df859c217a0c14
GET /favicon.png HTTP/1.1
Host: bo2217ok3tro9.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bo2217ok3tro9.com/1/?lpkey=16c2804a1077012704&uclick=oj9lik168n&uclickhash=oj9lik168n-oj9lik168n-p2-h9wj-8rwj-2tx9-he4k-1d3a46
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 404 Not Found
Server: nginx/1.22.0
Date: Wed, 29 Mar 2023 14:23:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/recaptcha__en.js
142.250.74.35200 OK 166 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/recaptcha__en.js
IP 142.250.74.35:0
File type HTML document, ASCII text, with very long lines (597)
Size 166 kB (166058 bytes)
Hash 4043af37a3392a9db521ff9ab62d9608
83828688e7a2259ed2f77345851a16122383b422
ee076822f35390ee382cda71759a2eec8f4db2bc18e4e3acd586173c29dab321
GET /recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bo2217ok3tro9.com
Connection: keep-alive
Referer: https://bo2217ok3tro9.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166058
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 27 Mar 2023 11:09:56 GMT
expires: Tue, 26 Mar 2024 11:09:56 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 20 Mar 2023 04:02:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 184409
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10867
Expires: Wed, 29 Mar 2023 17:24:32 GMT
Date: Wed, 29 Mar 2023 14:23:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10867
Expires: Wed, 29 Mar 2023 17:24:32 GMT
Date: Wed, 29 Mar 2023 14:23:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe33435-058f-4c07-8501-76bf9d99a4ac.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe33435-058f-4c07-8501-76bf9d99a4ac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d9b904645a97752fd0cd185af9f33b13
06b9705ae857def62553d8ef6c5380d656a94805
5c80b9c2ba29659bcf7be241a1e54343711882433668d4105ca668fc11e2ce6f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe33435-058f-4c07-8501-76bf9d99a4ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8878
x-amzn-requestid: c0674742-96aa-4fe9-bc66-f9c952d8a920
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CORKVFOPoAMFX8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641bfbdb-0555f3c75321ad1e42f06c8f;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 07:12:27 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: zx44rtiZRjKKLeG1qM3ABJYWg1TWDF0t6W33AzJoucdH6G4DABBqMg==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 22:53:21 GMT
age: 55804
etag: "06b9705ae857def62553d8ef6c5380d656a94805"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 195589ff3c6c50463257f10da16de114
7119aeba010d5c5c224fa544feff6f1761739929
dbb5774621e0eee6f9641f6078a650a78d281019726ade7a52c150f0988cd12b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DBB5774621E0EEE6F9641F6078A650A78D281019726ADE7A52C150F0988CD12B"
Last-Modified: Wed, 29 Mar 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10867
Expires: Wed, 29 Mar 2023 17:24:32 GMT
Date: Wed, 29 Mar 2023 14:23:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef54a1ed997cc09495edb102ccdf6803
f5637efb37b5eecff77e60e6bcf5f599991f334f
fa76d7a82dc15baf02b207cea874d1332c20a0ebe1eea99929a6f2746608412c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0794d5a0-7014-425b-9ea0-5dca44ddb4dd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8745
x-amzn-requestid: e1d8dab6-4c15-4752-b528-21854c93a11c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguJ5Hy5oAMFyAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235d72-4bd62c8472f7257a155b2a80;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:34:42 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: FHONNj6M7I5oVTKAKYspq0ZAJMYohURXs5ufSL-r--zCSdjuSvrpSA==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 49cdeca097624936e070b73619df7da8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:51:37 GMT
age: 59508
etag: "f5637efb37b5eecff77e60e6bcf5f599991f334f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fd1bc71c7e9eed7c086d752ea8b4b992
02a74cf88501d65b3dfcceb5adc79fd93ce785ed
a9a423d347533322d4d3ba90ee5fca5ca32f8d540f744ea2621deeda46df89f3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d713593-a582-498a-b202-20cddce4f8c4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7605
x-amzn-requestid: b7628073-4eb3-4ef6-b7d0-0224e0a75601
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CguY8GFPoAMFebQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235dd2-445041c74356c54053f772a1;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:36:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 2LLHDcPZsSP1XPxH7agC7FhVwQQXfrWq3CEOSz0mBTjGykXxNQIq9Q==
via: 1.1 ffc1e24c06bfbb135c0a4d240b382048.cloudfront.net (CloudFront), 1.1 536063cb28bfc05fcb7a78183dd89b72.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:56:00 GMT
age: 59245
etag: "02a74cf88501d65b3dfcceb5adc79fd93ce785ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6469f625-03ad-45a7-a918-5f220169711a.png
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6469f625-03ad-45a7-a918-5f220169711a.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e828b7227de7aa7a7b7c54c96e0cef9a
9a717142ab25dabf9123485ef51ed586662d2a71
0390f8771432de010cc11e11be2e2dfa7c303664858a5b066e66a628a1f3dd66
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6469f625-03ad-45a7-a918-5f220169711a.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8553
x-amzn-requestid: 05cb5115-a27b-485a-89fd-670bdb5bb06f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbofHHPIAMFkQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220c9c-774bb5d725336b35088e2527;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:32 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: NcKs_URb5dFDbkEoCqy2_fjKWneX7mifmEbd5MA5unqkhiPAIH9GPg==
via: 1.1 22ea0ab0881473261b786ecbb5e00f54.cloudfront.net (CloudFront), 1.1 aa623e134417515bd2496cb01d5e5626.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:53:29 GMT
age: 59396
etag: "9a717142ab25dabf9123485ef51ed586662d2a71"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 253f48aa7cbf667d52cb37fda10cdb1f
e29478b866f90402b48d2b516d01d60a863c9cf9
b4a73ab71250b9e4a3f95e28dbf50dd000e1f338c7c3ac9f3351c1f6d6d3bfff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85885238-8732-476a-b37c-1eac5dbc3e90.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6049
x-amzn-requestid: 2d1a2a66-8b63-44f0-83ec-10628a5fcac6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CgvBFFMGIAMFhCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64235ed3-2a90bf0365925acb3b348489;Sampled=0
x-amzn-remapped-date: Tue, 28 Mar 2023 21:40:35 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: -XwoHom5AT8j5yHNvfnYQ-9xIqVpsyDffwFM0d_ESJicJvL8pTcABg==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 536063cb28bfc05fcb7a78183dd89b72.cloudfront.net (CloudFront), 1.1 google
date: Tue, 28 Mar 2023 21:50:28 GMT
age: 59577
etag: "e29478b866f90402b48d2b516d01d60a863c9cf9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e74baca1ac97b7e56ede5d3c6275b0b6
42d00f7402dff5c40a733d0b13d0bf97f779d072
d270ad25df7752707d30a41ddd2aef306c10d0396baccaa25ffd98fb148acaf8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 29 Mar 2023 14:23:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b185c2d-7167-4369-8cd8-7c5017834382.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b185c2d-7167-4369-8cd8-7c5017834382.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 088ee9246dd360ff8df1cfd861295d39
6e224650d4c0315d8218e2522fc9a0f1ca81799f
48ae55b65f6bb6f15580d28adc558b96086fb293fef375e7ab57944bf4301ae1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2b185c2d-7167-4369-8cd8-7c5017834382.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7466
x-amzn-requestid: 229ed535-832e-4328-bafd-0cf2dec18fbe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CdbqLF8-IAMFzcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64220ca7-61d293a52a1a02130d0ffa53;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 21:37:43 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Vv1wV3qd-r8C4ca3ISCAUfERPrEWFeTGKFgK8Zo1tnrAYdzMQW0Yug==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 1570d93226c1bbca2ebaad510cff3e0c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 00:46:09 GMT
age: 49036
etag: "6e224650d4c0315d8218e2522fc9a0f1ca81799f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.131200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.131:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:41 GMT
expires: Sat, 23 Mar 2024 10:26:41 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 446204
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F008df6b4-92c5-423a-a32e-4ab5016464ba.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F008df6b4-92c5-423a-a32e-4ab5016464ba.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5d955ec5d3a9f655e4ca0523acfd039
e8b2cd28a02a2cee1b4e57c57570f2598721ff57
e7753ef91d6f04dce00f83cb1ba3ea4f1abb52140993fbee375e506597cee529
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F008df6b4-92c5-423a-a32e-4ab5016464ba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6970
x-amzn-requestid: 9f7a82d7-dbba-4c67-a330-6a7f2b68177d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cdn3zGn7oAMFwNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64222031-1d97c16f7a9c163c02fe72ac;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 23:01:05 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: STLqzl2xjL7mJeo0QUqFzw7JVbcHbq26pB_O2PnGA-8IC_-4VSdI-Q==
via: 1.1 185f4b03b711932fc7e735c08fdc5abe.cloudfront.net (CloudFront), 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 google
date: Wed, 29 Mar 2023 07:34:04 GMT
age: 24568
etag: "e8b2cd28a02a2cee1b4e57c57570f2598721ff57"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
unpkg.com/axios/dist/axios.min.js
104.16.123.175302 Found 0 B URL HTTP/2 unpkg.com/axios/dist/axios.min.js
IP 104.16.123.175:0
GET /axios/dist/axios.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bo2217ok3tro9.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 29 Mar 2023 14:23:25 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.3.4/dist/axios.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GWPVKW7ZCVJAD00QFT1K1JDD-fra
cf-cache-status: HIT
age: 432
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7af8c545cfdb069b-OSL
X-Firefox-Spdy: h2
discordvoicebot.xyz/%D8%AA%D9%88%D8%B5%D9%8A%D9%84.html
188.114.97.1200 OK 0 B URL HTTP/2 discordvoicebot.xyz/%D8%AA%D9%88%D8%B5%D9%8A%D9%84.html
IP 188.114.97.1:0
Analyzer Verdict Alert fortinet Phishing
GET /%D8%AA%D9%88%D8%B5%D9%8A%D9%84.html HTTP/1.1
Host: discordvoicebot.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 29 Mar 2023 14:23:23 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
content-language: ar-SA
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: same-origin
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SMkeAZTZbYqDMsIokEPIUj6htSRzAxVxhR2bgAUslc2p%2B57xlndKtgFhCcCySEkZKlzd3QrXoL8Sbg5CE67cH18ssoMOHqrNggFlqhYtrlWZiZBLU6cVELZjweJipla1pznHvXHL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7af8c539dcb50b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:400,700,400italic&display=swap
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato:400,700,400italic&display=swap
IP 142.250.74.106:0
GET /css?family=Lato:400,700,400italic&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 29 Mar 2023 14:23:23 GMT
date: Wed, 29 Mar 2023 14:23:23 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2