r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9cce060ddc316540d079e6816a1e7412
709a74969d1996d2b35ef0f7f34ae18455169f1e
6d58b895476c9ab451d8fc51df98809adca445bc6e9d720430e80a0c85242879
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D58B895476C9AB451D8FC51DF98809ADCA445BC6E9D720430E80A0C85242879"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8082
Expires: Tue, 27 Dec 2022 08:12:28 GMT
Date: Tue, 27 Dec 2022 05:57:46 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fb20c18681040b740ab1730562beb45c
abedefb801b0e13987d6619a77e0368771f9dfcb
288c1832db391da57e3d74ffa893ec2c47ef9c1945f85b88473c563b55a3dfb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "288C1832DB391DA57E3D74FFA893EC2C47EF9C1945F85B88473C563B55A3DFB3"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4711
Expires: Tue, 27 Dec 2022 07:16:17 GMT
Date: Tue, 27 Dec 2022 05:57:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 27 Dec 2022 05:35:05 GMT
content-type: application/json
age: 1361
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
nightenjoy.xyz/
66.29.132.67301 Moved Permanently 707 B IP 66.29.132.67:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: nightenjoy.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Tue, 27 Dec 2022 05:57:46 GMT
server: LiteSpeed
location: https://nightenjoy.xyz/
x-turbo-charged-by: LiteSpeed
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c298d0b2a05562a7ece94adf3589dacd
266befe104baa47e94fe0b9d00d10f96518b6525
a00a7433c6ee020d40e43fb5c821b8f2b835107852be361317fd2dfdcc4f0a15
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A00A7433C6EE020D40E43FB5C821B8F2B835107852BE361317FD2DFDCC4F0A15"
Last-Modified: Sun, 25 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8165
Expires: Tue, 27 Dec 2022 08:13:51 GMT
Date: Tue, 27 Dec 2022 05:57:46 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: LfuEJ3QOSYoFIADb6q6AJmXQqr52M+7XdFFsS/CdSsDtV5ytI57CR8139RTo67RlPT2nZWL2lq0=
x-amz-request-id: Y1CM6E87YJ4KNXBM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 27 Dec 2022 05:55:37 GMT
age: 129
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Dec 2022 05:57:47 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Pragma, Last-Modified, Expires, Alert, Content-Type, Retry-After, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 27 Dec 2022 05:33:30 GMT
age: 1457
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 66431c213b3a8d75768a3c5943fe418a
b7d468c7e78bd50c8369eccab3659a17d25fa618
42b4ecd154fde553283b302a406b62031548579474d6a9aa164de0eb329bbfe1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Dec 2022 05:57:47 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 25 Dec 2022 13:40:20 GMT
Expires: Sun, 01 Jan 2023 13:40:19 GMT
Etag: "b7d468c7e78bd50c8369eccab3659a17d25fa618"
Cache-Control: max-age=459151,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77ffd21aedf9b4f9-OSL
nightenjoy.xyz/
66.29.132.67200 OK 231 B IP 66.29.132.67:0
File type HTML document, ASCII text
Hash ce92c1d82fe283e66ab7533393862402
c32acfb8ca96b92f218e84e83896ab860e5eafd0
96bd13952dad4e9701cd2591207e984a83331e5e094f9c10b173dba723d2f076
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: nightenjoy.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html
last-modified: Sun, 25 Dec 2022 04:39:08 GMT
accept-ranges: bytes
content-length: 231
date: Tue, 27 Dec 2022 05:57:47 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 68ee4e2891b5a52719997e4ef8cb7aab
ae2e49eff010551d7f3dcf005a51530ee2910480
2bae50a834a34f248f6a79cf6f191dcf709c24b884f2d3da7fa43985c6b2d48b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2064
Cache-Control: max-age=99805
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:57:47 GMT
Etag: "63a96428-1d7"
Expires: Wed, 28 Dec 2022 09:41:12 GMT
Last-Modified: Mon, 26 Dec 2022 09:06:48 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.43.158.219101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.158.219:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1osupUALDtoGFFjVUUMCYA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QS6F2p0eyCBay4+o9f30sSB7LlY=
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 72a360a05b4891b25c3ed85ac86b6216
c2f8544eb0ab750456a8be16112ad87a15e9c647
ee013d0e087547bc61450761bca1bc2b289da01bc955b9eceeaff6b831fd1321
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EE013D0E087547BC61450761BCA1BC2B289DA01BC955B9ECEEAFF6B831FD1321"
Last-Modified: Sun, 25 Dec 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 27 Dec 2022 11:57:48 GMT
Date: Tue, 27 Dec 2022 05:57:48 GMT
Connection: keep-alive
bdabjdi.naughtymets.com/s/624d49cbe024f
178.162.199.80200 OK 1.9 kB URL HTTP/1.1 bdabjdi.naughtymets.com/s/624d49cbe024f
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 3564433c283b8cbaa5e5a35fef02174f
bcce49d3f51d72fe20d4a516772f67babaf73dbe
beddf9dd15cc70b1e583d0701fdf6b2c8b68e93e2042870dec50b013d30343e6
Analyzer Verdict Alert fortinet Phishing
GET /s/624d49cbe024f HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://nightenjoy.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 27 Dec 2022 05:57:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: s=gpQVRVb1Efde4HCSr2320d7WLVh0w0jJno5vWbaSaCekSauu8O4kzkYkzZjECyBljrZ3qXGYVeX%2B8QADDn6XqiB%2BNvinHuNb%2FRS47%2BB4xICNK5LJMAPEHKtQDDVsLQAtI4vPfHl5Pa5OrjnDtsf0%2FU2h2LmdQPYeJi4O%2FRcL9BGNHLjUGH6QnwU6Mwsu01z6egrqz9ib%2FtkOtneekneio26xTO8r90%2FbdSoANj4FhLC9wRKdWBC4QOiW0T64z0hlHYmeHvKVuqYBOS%2BePDlsR%2BBo3I7OLHe2y8pEj6ueu13rYv7JMz62GdiT5zmHXu6n07vHMNCb51TbA1Gg0EarLzLnfw9Ry8Zuba5besHhfnph6kpEfkbZlVaR5dLyEuA5nv9gdiU0S5mZzNK8HKUTxNIjYbTNhZ5qgP3kMTiRARQod6UngabTYXmWiY%2FicMkqHnanakFrKe%2FgBPLjCVJ8GQavJ%2BVWpAjnmtx03YK1pZjq%2Fq1QrQAOSCpt%2FONAn%2FYlRWJ%2FQlZylPepog5YFTYCmXI2ur3u7YsLleLtLptt8OzVQrQRVPOBbrHRvJL5y75ZsGl22Cw0BQqibSwk3ojLioaQo0NqnNF5t7hv3OfxndtoruYEmql3IEd6Xd5W9BU4HWyKVqOFOXEaJH%2Fn1F6vdMkQyDNswTffMi%2FkukC0iwk0aHYUE1HM2aupNGaZEFixxb7LuEfD5PQpQmXQc9rNbYXFASlg8MI0KYIIYgP%2FNlS2kQ4wq2q5eQdYtN90Y4E1iOV2gMTkGfwI7B%2BNMwFvlwLEZYX%2BuX9Kg982VmGW9%2FUSLCmP5SeYXzrhGxzJXKJHvd5iGemdKZcYR7u53IWVFN3YZGTRbzn6f6sJ9Ve7iK%2FZkg8W%2F9H6bWChmPV5%2FctG%2Fn6o9mzF7oYRySk1IjOwLAc4MU6mRjhN83n6YrsOVq%2FqvIPslauawlbYSYQmMjOELBzzq0Ybn8%2FUmSFQ9I9DFVbcRMEbhaRIwv7wnpRHHI7WQFNe%2BaC7h9gIYiwB3Apztx0YuYf246wxRijvf1L7o01ylIGNUZOi4L4%2B75aXtnEqBnPy2KSHuQY%2BIWInXtDM6BBpIu38%2FgiTZAEkRzuu2kXOt%2B%2Fv26HTPmehjs8XZMHyp6TZFPrE81713c1jw34tY%2F7C8H60aKEK5dMRcveX2tnX7tJPLPvpqeaZKJ9xYccVn2QTtWWXGuCr72e6yYYU8k7%2BvKdpm9MLv%2F5pqE6it1Nna%2BJ32F4QcF9yl4tfNqTrtaM5uAtXUtzlm6%2B8n3sKUfFKmRMUNFtuILlcaPlOmYl2j%2BEnPcQI06hcq3SdWIcHHtMXPen%2FX%2Fnl%2F6RNUNQwJ7IqxRQse39x60gHQ2JK0kLCi30TcovNpCFAaFgGDqH5hOQaWzgkm4v%2FC%2B8jViLyqqOypyRyzAcBnELAUx7VBWedMM%2Bm%2FyropIt1Pm7j5FA7LLyEHh0k88v3%2FPowreS8Sg7LmRi20sA5uhgxwX6dIoP5wrozokSn529XeXeqVrM%2BF8EMk4WUgTz48%2Fpxh9RiCe2VsebOmZHeTvXCATuieUlHmbUNwtPY; expires=Wed, 28-Dec-2022 05:57:48 GMT; Max-Age=86400; path=/; domain=naughtymets.com
SID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=naughtymets.com
ESID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=naughtymets.com
Content-Encoding: gzip
bdabjdi.naughtymets.com/bundle/343/assets/css/style.css
178.162.199.80200 OK 7.0 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/343/assets/css/style.css
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with CRLF line terminators
Hash d5002b22f74b3ffbb36142417535ae09
6f86da6c79b5432649a47f4e520eea677da8e457
e3f3db8ec545f578599a7d301982393b47a937d23931e8cb9fb9b08a2bf5212e
GET /bundle/343/assets/css/style.css HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/624d49cbe024f
Cookie: s=gpQVRVb1Efde4HCSr2320d7WLVh0w0jJno5vWbaSaCekSauu8O4kzkYkzZjECyBljrZ3qXGYVeX%2B8QADDn6XqiB%2BNvinHuNb%2FRS47%2BB4xICNK5LJMAPEHKtQDDVsLQAtI4vPfHl5Pa5OrjnDtsf0%2FU2h2LmdQPYeJi4O%2FRcL9BGNHLjUGH6QnwU6Mwsu01z6egrqz9ib%2FtkOtneekneio26xTO8r90%2FbdSoANj4FhLC9wRKdWBC4QOiW0T64z0hlHYmeHvKVuqYBOS%2BePDlsR%2BBo3I7OLHe2y8pEj6ueu13rYv7JMz62GdiT5zmHXu6n07vHMNCb51TbA1Gg0EarLzLnfw9Ry8Zuba5besHhfnph6kpEfkbZlVaR5dLyEuA5nv9gdiU0S5mZzNK8HKUTxNIjYbTNhZ5qgP3kMTiRARQod6UngabTYXmWiY%2FicMkqHnanakFrKe%2FgBPLjCVJ8GQavJ%2BVWpAjnmtx03YK1pZjq%2Fq1QrQAOSCpt%2FONAn%2FYlRWJ%2FQlZylPepog5YFTYCmXI2ur3u7YsLleLtLptt8OzVQrQRVPOBbrHRvJL5y75ZsGl22Cw0BQqibSwk3ojLioaQo0NqnNF5t7hv3OfxndtoruYEmql3IEd6Xd5W9BU4HWyKVqOFOXEaJH%2Fn1F6vdMkQyDNswTffMi%2FkukC0iwk0aHYUE1HM2aupNGaZEFixxb7LuEfD5PQpQmXQc9rNbYXFASlg8MI0KYIIYgP%2FNlS2kQ4wq2q5eQdYtN90Y4E1iOV2gMTkGfwI7B%2BNMwFvlwLEZYX%2BuX9Kg982VmGW9%2FUSLCmP5SeYXzrhGxzJXKJHvd5iGemdKZcYR7u53IWVFN3YZGTRbzn6f6sJ9Ve7iK%2FZkg8W%2F9H6bWChmPV5%2FctG%2Fn6o9mzF7oYRySk1IjOwLAc4MU6mRjhN83n6YrsOVq%2FqvIPslauawlbYSYQmMjOELBzzq0Ybn8%2FUmSFQ9I9DFVbcRMEbhaRIwv7wnpRHHI7WQFNe%2BaC7h9gIYiwB3Apztx0YuYf246wxRijvf1L7o01ylIGNUZOi4L4%2B75aXtnEqBnPy2KSHuQY%2BIWInXtDM6BBpIu38%2FgiTZAEkRzuu2kXOt%2B%2Fv26HTPmehjs8XZMHyp6TZFPrE81713c1jw34tY%2F7C8H60aKEK5dMRcveX2tnX7tJPLPvpqeaZKJ9xYccVn2QTtWWXGuCr72e6yYYU8k7%2BvKdpm9MLv%2F5pqE6it1Nna%2BJ32F4QcF9yl4tfNqTrtaM5uAtXUtzlm6%2B8n3sKUfFKmRMUNFtuILlcaPlOmYl2j%2BEnPcQI06hcq3SdWIcHHtMXPen%2FX%2Fnl%2F6RNUNQwJ7IqxRQse39x60gHQ2JK0kLCi30TcovNpCFAaFgGDqH5hOQaWzgkm4v%2FC%2B8jViLyqqOypyRyzAcBnELAUx7VBWedMM%2Bm%2FyropIt1Pm7j5FA7LLyEHh0k88v3%2FPowreS8Sg7LmRi20sA5uhgxwX6dIoP5wrozokSn529XeXeqVrM%2BF8EMk4WUgTz48%2Fpxh9RiCe2VsebOmZHeTvXCATuieUlHmbUNwtPY
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 27 Dec 2022 05:57:48 GMT
Content-Type: text/css
Content-Length: 7047
Connection: keep-alive
Last-Modified: Sun, 19 Jul 2020 05:52:26 GMT
Vary: Accept-Encoding
ETag: "5f13df9a-1b87"
Accept-Ranges: bytes
bdabjdi.naughtymets.com/bundle/343/assets/js/functions.js
178.162.199.80200 OK 1.3 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/343/assets/js/functions.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with CRLF line terminators
Hash 0f08070c8301c605e00292fc31c3ee6e
9148cf2b7799c3142e4f4f2ada6006a70b4fb579
74c8bc5828d0eb6816571dc9b6d7e9c821bfb57eb3a97976d7635bbd79500c5d
Analyzer Verdict Alert fortinet Phishing
GET /bundle/343/assets/js/functions.js HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/624d49cbe024f
Cookie: s=gpQVRVb1Efde4HCSr2320d7WLVh0w0jJno5vWbaSaCekSauu8O4kzkYkzZjECyBljrZ3qXGYVeX%2B8QADDn6XqiB%2BNvinHuNb%2FRS47%2BB4xICNK5LJMAPEHKtQDDVsLQAtI4vPfHl5Pa5OrjnDtsf0%2FU2h2LmdQPYeJi4O%2FRcL9BGNHLjUGH6QnwU6Mwsu01z6egrqz9ib%2FtkOtneekneio26xTO8r90%2FbdSoANj4FhLC9wRKdWBC4QOiW0T64z0hlHYmeHvKVuqYBOS%2BePDlsR%2BBo3I7OLHe2y8pEj6ueu13rYv7JMz62GdiT5zmHXu6n07vHMNCb51TbA1Gg0EarLzLnfw9Ry8Zuba5besHhfnph6kpEfkbZlVaR5dLyEuA5nv9gdiU0S5mZzNK8HKUTxNIjYbTNhZ5qgP3kMTiRARQod6UngabTYXmWiY%2FicMkqHnanakFrKe%2FgBPLjCVJ8GQavJ%2BVWpAjnmtx03YK1pZjq%2Fq1QrQAOSCpt%2FONAn%2FYlRWJ%2FQlZylPepog5YFTYCmXI2ur3u7YsLleLtLptt8OzVQrQRVPOBbrHRvJL5y75ZsGl22Cw0BQqibSwk3ojLioaQo0NqnNF5t7hv3OfxndtoruYEmql3IEd6Xd5W9BU4HWyKVqOFOXEaJH%2Fn1F6vdMkQyDNswTffMi%2FkukC0iwk0aHYUE1HM2aupNGaZEFixxb7LuEfD5PQpQmXQc9rNbYXFASlg8MI0KYIIYgP%2FNlS2kQ4wq2q5eQdYtN90Y4E1iOV2gMTkGfwI7B%2BNMwFvlwLEZYX%2BuX9Kg982VmGW9%2FUSLCmP5SeYXzrhGxzJXKJHvd5iGemdKZcYR7u53IWVFN3YZGTRbzn6f6sJ9Ve7iK%2FZkg8W%2F9H6bWChmPV5%2FctG%2Fn6o9mzF7oYRySk1IjOwLAc4MU6mRjhN83n6YrsOVq%2FqvIPslauawlbYSYQmMjOELBzzq0Ybn8%2FUmSFQ9I9DFVbcRMEbhaRIwv7wnpRHHI7WQFNe%2BaC7h9gIYiwB3Apztx0YuYf246wxRijvf1L7o01ylIGNUZOi4L4%2B75aXtnEqBnPy2KSHuQY%2BIWInXtDM6BBpIu38%2FgiTZAEkRzuu2kXOt%2B%2Fv26HTPmehjs8XZMHyp6TZFPrE81713c1jw34tY%2F7C8H60aKEK5dMRcveX2tnX7tJPLPvpqeaZKJ9xYccVn2QTtWWXGuCr72e6yYYU8k7%2BvKdpm9MLv%2F5pqE6it1Nna%2BJ32F4QcF9yl4tfNqTrtaM5uAtXUtzlm6%2B8n3sKUfFKmRMUNFtuILlcaPlOmYl2j%2BEnPcQI06hcq3SdWIcHHtMXPen%2FX%2Fnl%2F6RNUNQwJ7IqxRQse39x60gHQ2JK0kLCi30TcovNpCFAaFgGDqH5hOQaWzgkm4v%2FC%2B8jViLyqqOypyRyzAcBnELAUx7VBWedMM%2Bm%2FyropIt1Pm7j5FA7LLyEHh0k88v3%2FPowreS8Sg7LmRi20sA5uhgxwX6dIoP5wrozokSn529XeXeqVrM%2BF8EMk4WUgTz48%2Fpxh9RiCe2VsebOmZHeTvXCATuieUlHmbUNwtPY
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 27 Dec 2022 05:57:48 GMT
Content-Type: application/javascript
Content-Length: 1302
Connection: keep-alive
Last-Modified: Sun, 19 Jul 2020 05:52:26 GMT
Vary: Accept-Encoding
ETag: "5f13df9a-516"
Accept-Ranges: bytes
bdabjdi.naughtymets.com/js/click.js?8
178.162.199.80200 OK 5.3 kB URL HTTP/1.1 bdabjdi.naughtymets.com/js/click.js?8
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
Hash 8207d083c909c6386927c5197eff584c
a5f1148a0e9923191d3f8ed4c1750240374af2a9
f71ae9723255b00dcc8e3631fe419cbbb56a80b3034f184ca5292127d7b3eea9
GET /js/click.js?8 HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/624d49cbe024f
Cookie: s=gpQVRVb1Efde4HCSr2320d7WLVh0w0jJno5vWbaSaCekSauu8O4kzkYkzZjECyBljrZ3qXGYVeX%2B8QADDn6XqiB%2BNvinHuNb%2FRS47%2BB4xICNK5LJMAPEHKtQDDVsLQAtI4vPfHl5Pa5OrjnDtsf0%2FU2h2LmdQPYeJi4O%2FRcL9BGNHLjUGH6QnwU6Mwsu01z6egrqz9ib%2FtkOtneekneio26xTO8r90%2FbdSoANj4FhLC9wRKdWBC4QOiW0T64z0hlHYmeHvKVuqYBOS%2BePDlsR%2BBo3I7OLHe2y8pEj6ueu13rYv7JMz62GdiT5zmHXu6n07vHMNCb51TbA1Gg0EarLzLnfw9Ry8Zuba5besHhfnph6kpEfkbZlVaR5dLyEuA5nv9gdiU0S5mZzNK8HKUTxNIjYbTNhZ5qgP3kMTiRARQod6UngabTYXmWiY%2FicMkqHnanakFrKe%2FgBPLjCVJ8GQavJ%2BVWpAjnmtx03YK1pZjq%2Fq1QrQAOSCpt%2FONAn%2FYlRWJ%2FQlZylPepog5YFTYCmXI2ur3u7YsLleLtLptt8OzVQrQRVPOBbrHRvJL5y75ZsGl22Cw0BQqibSwk3ojLioaQo0NqnNF5t7hv3OfxndtoruYEmql3IEd6Xd5W9BU4HWyKVqOFOXEaJH%2Fn1F6vdMkQyDNswTffMi%2FkukC0iwk0aHYUE1HM2aupNGaZEFixxb7LuEfD5PQpQmXQc9rNbYXFASlg8MI0KYIIYgP%2FNlS2kQ4wq2q5eQdYtN90Y4E1iOV2gMTkGfwI7B%2BNMwFvlwLEZYX%2BuX9Kg982VmGW9%2FUSLCmP5SeYXzrhGxzJXKJHvd5iGemdKZcYR7u53IWVFN3YZGTRbzn6f6sJ9Ve7iK%2FZkg8W%2F9H6bWChmPV5%2FctG%2Fn6o9mzF7oYRySk1IjOwLAc4MU6mRjhN83n6YrsOVq%2FqvIPslauawlbYSYQmMjOELBzzq0Ybn8%2FUmSFQ9I9DFVbcRMEbhaRIwv7wnpRHHI7WQFNe%2BaC7h9gIYiwB3Apztx0YuYf246wxRijvf1L7o01ylIGNUZOi4L4%2B75aXtnEqBnPy2KSHuQY%2BIWInXtDM6BBpIu38%2FgiTZAEkRzuu2kXOt%2B%2Fv26HTPmehjs8XZMHyp6TZFPrE81713c1jw34tY%2F7C8H60aKEK5dMRcveX2tnX7tJPLPvpqeaZKJ9xYccVn2QTtWWXGuCr72e6yYYU8k7%2BvKdpm9MLv%2F5pqE6it1Nna%2BJ32F4QcF9yl4tfNqTrtaM5uAtXUtzlm6%2B8n3sKUfFKmRMUNFtuILlcaPlOmYl2j%2BEnPcQI06hcq3SdWIcHHtMXPen%2FX%2Fnl%2F6RNUNQwJ7IqxRQse39x60gHQ2JK0kLCi30TcovNpCFAaFgGDqH5hOQaWzgkm4v%2FC%2B8jViLyqqOypyRyzAcBnELAUx7VBWedMM%2Bm%2FyropIt1Pm7j5FA7LLyEHh0k88v3%2FPowreS8Sg7LmRi20sA5uhgxwX6dIoP5wrozokSn529XeXeqVrM%2BF8EMk4WUgTz48%2Fpxh9RiCe2VsebOmZHeTvXCATuieUlHmbUNwtPY
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 27 Dec 2022 05:57:48 GMT
Content-Type: application/javascript
Content-Length: 5260
Connection: keep-alive
Last-Modified: Fri, 23 Dec 2022 12:52:41 GMT
Vary: Accept-Encoding
ETag: "63a5a499-148c"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ae893eec23998fe856d6ee3df2163a80
d98cb1a1c82c429c2f6fdbbfb7461713c790da7a
24167e8036371493799d6fe42f5e00a0ea2e4a5b7eb70636a269a9aa78d1f712
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:57:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bdabjdi.naughtymets.com/bundle/343/assets/js/jquery.js
178.162.199.80200 OK 86 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/343/assets/js/jquery.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with very long lines (32065)
Hash 2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Analyzer Verdict Alert fortinet Phishing
GET /bundle/343/assets/js/jquery.js HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/624d49cbe024f
Cookie: s=gpQVRVb1Efde4HCSr2320d7WLVh0w0jJno5vWbaSaCekSauu8O4kzkYkzZjECyBljrZ3qXGYVeX%2B8QADDn6XqiB%2BNvinHuNb%2FRS47%2BB4xICNK5LJMAPEHKtQDDVsLQAtI4vPfHl5Pa5OrjnDtsf0%2FU2h2LmdQPYeJi4O%2FRcL9BGNHLjUGH6QnwU6Mwsu01z6egrqz9ib%2FtkOtneekneio26xTO8r90%2FbdSoANj4FhLC9wRKdWBC4QOiW0T64z0hlHYmeHvKVuqYBOS%2BePDlsR%2BBo3I7OLHe2y8pEj6ueu13rYv7JMz62GdiT5zmHXu6n07vHMNCb51TbA1Gg0EarLzLnfw9Ry8Zuba5besHhfnph6kpEfkbZlVaR5dLyEuA5nv9gdiU0S5mZzNK8HKUTxNIjYbTNhZ5qgP3kMTiRARQod6UngabTYXmWiY%2FicMkqHnanakFrKe%2FgBPLjCVJ8GQavJ%2BVWpAjnmtx03YK1pZjq%2Fq1QrQAOSCpt%2FONAn%2FYlRWJ%2FQlZylPepog5YFTYCmXI2ur3u7YsLleLtLptt8OzVQrQRVPOBbrHRvJL5y75ZsGl22Cw0BQqibSwk3ojLioaQo0NqnNF5t7hv3OfxndtoruYEmql3IEd6Xd5W9BU4HWyKVqOFOXEaJH%2Fn1F6vdMkQyDNswTffMi%2FkukC0iwk0aHYUE1HM2aupNGaZEFixxb7LuEfD5PQpQmXQc9rNbYXFASlg8MI0KYIIYgP%2FNlS2kQ4wq2q5eQdYtN90Y4E1iOV2gMTkGfwI7B%2BNMwFvlwLEZYX%2BuX9Kg982VmGW9%2FUSLCmP5SeYXzrhGxzJXKJHvd5iGemdKZcYR7u53IWVFN3YZGTRbzn6f6sJ9Ve7iK%2FZkg8W%2F9H6bWChmPV5%2FctG%2Fn6o9mzF7oYRySk1IjOwLAc4MU6mRjhN83n6YrsOVq%2FqvIPslauawlbYSYQmMjOELBzzq0Ybn8%2FUmSFQ9I9DFVbcRMEbhaRIwv7wnpRHHI7WQFNe%2BaC7h9gIYiwB3Apztx0YuYf246wxRijvf1L7o01ylIGNUZOi4L4%2B75aXtnEqBnPy2KSHuQY%2BIWInXtDM6BBpIu38%2FgiTZAEkRzuu2kXOt%2B%2Fv26HTPmehjs8XZMHyp6TZFPrE81713c1jw34tY%2F7C8H60aKEK5dMRcveX2tnX7tJPLPvpqeaZKJ9xYccVn2QTtWWXGuCr72e6yYYU8k7%2BvKdpm9MLv%2F5pqE6it1Nna%2BJ32F4QcF9yl4tfNqTrtaM5uAtXUtzlm6%2B8n3sKUfFKmRMUNFtuILlcaPlOmYl2j%2BEnPcQI06hcq3SdWIcHHtMXPen%2FX%2Fnl%2F6RNUNQwJ7IqxRQse39x60gHQ2JK0kLCi30TcovNpCFAaFgGDqH5hOQaWzgkm4v%2FC%2B8jViLyqqOypyRyzAcBnELAUx7VBWedMM%2Bm%2FyropIt1Pm7j5FA7LLyEHh0k88v3%2FPowreS8Sg7LmRi20sA5uhgxwX6dIoP5wrozokSn529XeXeqVrM%2BF8EMk4WUgTz48%2Fpxh9RiCe2VsebOmZHeTvXCATuieUlHmbUNwtPY
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 27 Dec 2022 05:57:48 GMT
Content-Type: application/javascript
Content-Length: 85578
Connection: keep-alive
Last-Modified: Sun, 19 Jul 2020 05:52:26 GMT
Vary: Accept-Encoding
ETag: "5f13df9a-14e4a"
Accept-Ranges: bytes
bdabjdi.naughtymets.com/bundle/343/assets/img/4k.jpg
178.162.199.80200 OK 46 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/343/assets/img/4k.jpg
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 620x620, components 3\012- data
Hash ed2fe56349612fecd208fe2e6ebbc02f
94352ad9c83687e5d8ebde66550b7c9ce787423e
aec56bbd25def61a86fdf61e505c66ec9feedd70268347664835179f5b561d19
GET /bundle/343/assets/img/4k.jpg HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/624d49cbe024f
Cookie: s=gpQVRVb1Efde4HCSr2320d7WLVh0w0jJno5vWbaSaCekSauu8O4kzkYkzZjECyBljrZ3qXGYVeX%2B8QADDn6XqiB%2BNvinHuNb%2FRS47%2BB4xICNK5LJMAPEHKtQDDVsLQAtI4vPfHl5Pa5OrjnDtsf0%2FU2h2LmdQPYeJi4O%2FRcL9BGNHLjUGH6QnwU6Mwsu01z6egrqz9ib%2FtkOtneekneio26xTO8r90%2FbdSoANj4FhLC9wRKdWBC4QOiW0T64z0hlHYmeHvKVuqYBOS%2BePDlsR%2BBo3I7OLHe2y8pEj6ueu13rYv7JMz62GdiT5zmHXu6n07vHMNCb51TbA1Gg0EarLzLnfw9Ry8Zuba5besHhfnph6kpEfkbZlVaR5dLyEuA5nv9gdiU0S5mZzNK8HKUTxNIjYbTNhZ5qgP3kMTiRARQod6UngabTYXmWiY%2FicMkqHnanakFrKe%2FgBPLjCVJ8GQavJ%2BVWpAjnmtx03YK1pZjq%2Fq1QrQAOSCpt%2FONAn%2FYlRWJ%2FQlZylPepog5YFTYCmXI2ur3u7YsLleLtLptt8OzVQrQRVPOBbrHRvJL5y75ZsGl22Cw0BQqibSwk3ojLioaQo0NqnNF5t7hv3OfxndtoruYEmql3IEd6Xd5W9BU4HWyKVqOFOXEaJH%2Fn1F6vdMkQyDNswTffMi%2FkukC0iwk0aHYUE1HM2aupNGaZEFixxb7LuEfD5PQpQmXQc9rNbYXFASlg8MI0KYIIYgP%2FNlS2kQ4wq2q5eQdYtN90Y4E1iOV2gMTkGfwI7B%2BNMwFvlwLEZYX%2BuX9Kg982VmGW9%2FUSLCmP5SeYXzrhGxzJXKJHvd5iGemdKZcYR7u53IWVFN3YZGTRbzn6f6sJ9Ve7iK%2FZkg8W%2F9H6bWChmPV5%2FctG%2Fn6o9mzF7oYRySk1IjOwLAc4MU6mRjhN83n6YrsOVq%2FqvIPslauawlbYSYQmMjOELBzzq0Ybn8%2FUmSFQ9I9DFVbcRMEbhaRIwv7wnpRHHI7WQFNe%2BaC7h9gIYiwB3Apztx0YuYf246wxRijvf1L7o01ylIGNUZOi4L4%2B75aXtnEqBnPy2KSHuQY%2BIWInXtDM6BBpIu38%2FgiTZAEkRzuu2kXOt%2B%2Fv26HTPmehjs8XZMHyp6TZFPrE81713c1jw34tY%2F7C8H60aKEK5dMRcveX2tnX7tJPLPvpqeaZKJ9xYccVn2QTtWWXGuCr72e6yYYU8k7%2BvKdpm9MLv%2F5pqE6it1Nna%2BJ32F4QcF9yl4tfNqTrtaM5uAtXUtzlm6%2B8n3sKUfFKmRMUNFtuILlcaPlOmYl2j%2BEnPcQI06hcq3SdWIcHHtMXPen%2FX%2Fnl%2F6RNUNQwJ7IqxRQse39x60gHQ2JK0kLCi30TcovNpCFAaFgGDqH5hOQaWzgkm4v%2FC%2B8jViLyqqOypyRyzAcBnELAUx7VBWedMM%2Bm%2FyropIt1Pm7j5FA7LLyEHh0k88v3%2FPowreS8Sg7LmRi20sA5uhgxwX6dIoP5wrozokSn529XeXeqVrM%2BF8EMk4WUgTz48%2Fpxh9RiCe2VsebOmZHeTvXCATuieUlHmbUNwtPY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 27 Dec 2022 05:57:48 GMT
Content-Type: image/jpeg
Content-Length: 45692
Connection: keep-alive
Last-Modified: Sun, 19 Jul 2020 05:52:26 GMT
ETag: "5f13df9a-b27c"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ae893eec23998fe856d6ee3df2163a80
d98cb1a1c82c429c2f6fdbbfb7461713c790da7a
24167e8036371493799d6fe42f5e00a0ea2e4a5b7eb70636a269a9aa78d1f712
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:57:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bdabjdi.naughtymets.com/bundle/343/assets/img/3k.jpg
178.162.199.80200 OK 33 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/343/assets/img/3k.jpg
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 620x620, components 3\012- data
Hash a66815ce1439259be87d0288fc00baa6
c95f125b3e867a716545ab6a94cea6cc270031cb
6b5c1ed44a068de8c213c700b0900f36f4294bf24e46bfacb98e94fa9b120ca7
GET /bundle/343/assets/img/3k.jpg HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/624d49cbe024f
Cookie: s=gpQVRVb1Efde4HCSr2320d7WLVh0w0jJno5vWbaSaCekSauu8O4kzkYkzZjECyBljrZ3qXGYVeX%2B8QADDn6XqiB%2BNvinHuNb%2FRS47%2BB4xICNK5LJMAPEHKtQDDVsLQAtI4vPfHl5Pa5OrjnDtsf0%2FU2h2LmdQPYeJi4O%2FRcL9BGNHLjUGH6QnwU6Mwsu01z6egrqz9ib%2FtkOtneekneio26xTO8r90%2FbdSoANj4FhLC9wRKdWBC4QOiW0T64z0hlHYmeHvKVuqYBOS%2BePDlsR%2BBo3I7OLHe2y8pEj6ueu13rYv7JMz62GdiT5zmHXu6n07vHMNCb51TbA1Gg0EarLzLnfw9Ry8Zuba5besHhfnph6kpEfkbZlVaR5dLyEuA5nv9gdiU0S5mZzNK8HKUTxNIjYbTNhZ5qgP3kMTiRARQod6UngabTYXmWiY%2FicMkqHnanakFrKe%2FgBPLjCVJ8GQavJ%2BVWpAjnmtx03YK1pZjq%2Fq1QrQAOSCpt%2FONAn%2FYlRWJ%2FQlZylPepog5YFTYCmXI2ur3u7YsLleLtLptt8OzVQrQRVPOBbrHRvJL5y75ZsGl22Cw0BQqibSwk3ojLioaQo0NqnNF5t7hv3OfxndtoruYEmql3IEd6Xd5W9BU4HWyKVqOFOXEaJH%2Fn1F6vdMkQyDNswTffMi%2FkukC0iwk0aHYUE1HM2aupNGaZEFixxb7LuEfD5PQpQmXQc9rNbYXFASlg8MI0KYIIYgP%2FNlS2kQ4wq2q5eQdYtN90Y4E1iOV2gMTkGfwI7B%2BNMwFvlwLEZYX%2BuX9Kg982VmGW9%2FUSLCmP5SeYXzrhGxzJXKJHvd5iGemdKZcYR7u53IWVFN3YZGTRbzn6f6sJ9Ve7iK%2FZkg8W%2F9H6bWChmPV5%2FctG%2Fn6o9mzF7oYRySk1IjOwLAc4MU6mRjhN83n6YrsOVq%2FqvIPslauawlbYSYQmMjOELBzzq0Ybn8%2FUmSFQ9I9DFVbcRMEbhaRIwv7wnpRHHI7WQFNe%2BaC7h9gIYiwB3Apztx0YuYf246wxRijvf1L7o01ylIGNUZOi4L4%2B75aXtnEqBnPy2KSHuQY%2BIWInXtDM6BBpIu38%2FgiTZAEkRzuu2kXOt%2B%2Fv26HTPmehjs8XZMHyp6TZFPrE81713c1jw34tY%2F7C8H60aKEK5dMRcveX2tnX7tJPLPvpqeaZKJ9xYccVn2QTtWWXGuCr72e6yYYU8k7%2BvKdpm9MLv%2F5pqE6it1Nna%2BJ32F4QcF9yl4tfNqTrtaM5uAtXUtzlm6%2B8n3sKUfFKmRMUNFtuILlcaPlOmYl2j%2BEnPcQI06hcq3SdWIcHHtMXPen%2FX%2Fnl%2F6RNUNQwJ7IqxRQse39x60gHQ2JK0kLCi30TcovNpCFAaFgGDqH5hOQaWzgkm4v%2FC%2B8jViLyqqOypyRyzAcBnELAUx7VBWedMM%2Bm%2FyropIt1Pm7j5FA7LLyEHh0k88v3%2FPowreS8Sg7LmRi20sA5uhgxwX6dIoP5wrozokSn529XeXeqVrM%2BF8EMk4WUgTz48%2Fpxh9RiCe2VsebOmZHeTvXCATuieUlHmbUNwtPY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 27 Dec 2022 05:57:48 GMT
Content-Type: image/jpeg
Content-Length: 32842
Connection: keep-alive
Last-Modified: Sun, 19 Jul 2020 05:52:26 GMT
ETag: "5f13df9a-804a"
Accept-Ranges: bytes
fonts.googleapis.com/css?family=Lato&display=swap
142.250.74.106200 OK 82 kB URL HTTP/2 fonts.googleapis.com/css?family=Lato&display=swap
IP 142.250.74.106:0
Hash 9953c6a3aa9a0d9ab170f9847d3f8a74
5ebf2356ee6a80cbf875e70f88887b03f0286b53
457591b0d8414ba7efc3efaf8bf05dfe0d3a2f50d73c64477455edd20fcae211
GET /css?family=Lato&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 27 Dec 2022 05:57:48 GMT
date: Tue, 27 Dec 2022 05:57:48 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bdabjdi.naughtymets.com/bundle/343/assets/img/1k.jpg
178.162.199.80200 OK 54 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/343/assets/img/1k.jpg
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 620x620, components 3\012- data
Hash 891bd8edafa58a57a905cb1cc9c49bff
36560046ed59a2b2e4b678b7a69ff8ce3342e6c8
1124945d1b3467717d897e5728c4691fec6cc06bbebe48b586fa613fd299a423
GET /bundle/343/assets/img/1k.jpg HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/624d49cbe024f
Cookie: s=gpQVRVb1Efde4HCSr2320d7WLVh0w0jJno5vWbaSaCekSauu8O4kzkYkzZjECyBljrZ3qXGYVeX%2B8QADDn6XqiB%2BNvinHuNb%2FRS47%2BB4xICNK5LJMAPEHKtQDDVsLQAtI4vPfHl5Pa5OrjnDtsf0%2FU2h2LmdQPYeJi4O%2FRcL9BGNHLjUGH6QnwU6Mwsu01z6egrqz9ib%2FtkOtneekneio26xTO8r90%2FbdSoANj4FhLC9wRKdWBC4QOiW0T64z0hlHYmeHvKVuqYBOS%2BePDlsR%2BBo3I7OLHe2y8pEj6ueu13rYv7JMz62GdiT5zmHXu6n07vHMNCb51TbA1Gg0EarLzLnfw9Ry8Zuba5besHhfnph6kpEfkbZlVaR5dLyEuA5nv9gdiU0S5mZzNK8HKUTxNIjYbTNhZ5qgP3kMTiRARQod6UngabTYXmWiY%2FicMkqHnanakFrKe%2FgBPLjCVJ8GQavJ%2BVWpAjnmtx03YK1pZjq%2Fq1QrQAOSCpt%2FONAn%2FYlRWJ%2FQlZylPepog5YFTYCmXI2ur3u7YsLleLtLptt8OzVQrQRVPOBbrHRvJL5y75ZsGl22Cw0BQqibSwk3ojLioaQo0NqnNF5t7hv3OfxndtoruYEmql3IEd6Xd5W9BU4HWyKVqOFOXEaJH%2Fn1F6vdMkQyDNswTffMi%2FkukC0iwk0aHYUE1HM2aupNGaZEFixxb7LuEfD5PQpQmXQc9rNbYXFASlg8MI0KYIIYgP%2FNlS2kQ4wq2q5eQdYtN90Y4E1iOV2gMTkGfwI7B%2BNMwFvlwLEZYX%2BuX9Kg982VmGW9%2FUSLCmP5SeYXzrhGxzJXKJHvd5iGemdKZcYR7u53IWVFN3YZGTRbzn6f6sJ9Ve7iK%2FZkg8W%2F9H6bWChmPV5%2FctG%2Fn6o9mzF7oYRySk1IjOwLAc4MU6mRjhN83n6YrsOVq%2FqvIPslauawlbYSYQmMjOELBzzq0Ybn8%2FUmSFQ9I9DFVbcRMEbhaRIwv7wnpRHHI7WQFNe%2BaC7h9gIYiwB3Apztx0YuYf246wxRijvf1L7o01ylIGNUZOi4L4%2B75aXtnEqBnPy2KSHuQY%2BIWInXtDM6BBpIu38%2FgiTZAEkRzuu2kXOt%2B%2Fv26HTPmehjs8XZMHyp6TZFPrE81713c1jw34tY%2F7C8H60aKEK5dMRcveX2tnX7tJPLPvpqeaZKJ9xYccVn2QTtWWXGuCr72e6yYYU8k7%2BvKdpm9MLv%2F5pqE6it1Nna%2BJ32F4QcF9yl4tfNqTrtaM5uAtXUtzlm6%2B8n3sKUfFKmRMUNFtuILlcaPlOmYl2j%2BEnPcQI06hcq3SdWIcHHtMXPen%2FX%2Fnl%2F6RNUNQwJ7IqxRQse39x60gHQ2JK0kLCi30TcovNpCFAaFgGDqH5hOQaWzgkm4v%2FC%2B8jViLyqqOypyRyzAcBnELAUx7VBWedMM%2Bm%2FyropIt1Pm7j5FA7LLyEHh0k88v3%2FPowreS8Sg7LmRi20sA5uhgxwX6dIoP5wrozokSn529XeXeqVrM%2BF8EMk4WUgTz48%2Fpxh9RiCe2VsebOmZHeTvXCATuieUlHmbUNwtPY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 27 Dec 2022 05:57:48 GMT
Content-Type: image/jpeg
Content-Length: 54367
Connection: keep-alive
Last-Modified: Sun, 19 Jul 2020 05:52:26 GMT
ETag: "5f13df9a-d45f"
Accept-Ranges: bytes
bdabjdi.naughtymets.com/bundle/343/assets/img/6k.jpg
178.162.199.80200 OK 64 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/343/assets/img/6k.jpg
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 620x620, components 3\012- data
Hash 4397bf4aa46e98f9ac7de6987efd0e8d
40fe5d8dc212a034a2d66442a4242ee09bc641ab
26f4a2eba9a991d422f99988d4ae22e17826c87874305239fdb85e19751ce8ee
GET /bundle/343/assets/img/6k.jpg HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/624d49cbe024f
Cookie: s=gpQVRVb1Efde4HCSr2320d7WLVh0w0jJno5vWbaSaCekSauu8O4kzkYkzZjECyBljrZ3qXGYVeX%2B8QADDn6XqiB%2BNvinHuNb%2FRS47%2BB4xICNK5LJMAPEHKtQDDVsLQAtI4vPfHl5Pa5OrjnDtsf0%2FU2h2LmdQPYeJi4O%2FRcL9BGNHLjUGH6QnwU6Mwsu01z6egrqz9ib%2FtkOtneekneio26xTO8r90%2FbdSoANj4FhLC9wRKdWBC4QOiW0T64z0hlHYmeHvKVuqYBOS%2BePDlsR%2BBo3I7OLHe2y8pEj6ueu13rYv7JMz62GdiT5zmHXu6n07vHMNCb51TbA1Gg0EarLzLnfw9Ry8Zuba5besHhfnph6kpEfkbZlVaR5dLyEuA5nv9gdiU0S5mZzNK8HKUTxNIjYbTNhZ5qgP3kMTiRARQod6UngabTYXmWiY%2FicMkqHnanakFrKe%2FgBPLjCVJ8GQavJ%2BVWpAjnmtx03YK1pZjq%2Fq1QrQAOSCpt%2FONAn%2FYlRWJ%2FQlZylPepog5YFTYCmXI2ur3u7YsLleLtLptt8OzVQrQRVPOBbrHRvJL5y75ZsGl22Cw0BQqibSwk3ojLioaQo0NqnNF5t7hv3OfxndtoruYEmql3IEd6Xd5W9BU4HWyKVqOFOXEaJH%2Fn1F6vdMkQyDNswTffMi%2FkukC0iwk0aHYUE1HM2aupNGaZEFixxb7LuEfD5PQpQmXQc9rNbYXFASlg8MI0KYIIYgP%2FNlS2kQ4wq2q5eQdYtN90Y4E1iOV2gMTkGfwI7B%2BNMwFvlwLEZYX%2BuX9Kg982VmGW9%2FUSLCmP5SeYXzrhGxzJXKJHvd5iGemdKZcYR7u53IWVFN3YZGTRbzn6f6sJ9Ve7iK%2FZkg8W%2F9H6bWChmPV5%2FctG%2Fn6o9mzF7oYRySk1IjOwLAc4MU6mRjhN83n6YrsOVq%2FqvIPslauawlbYSYQmMjOELBzzq0Ybn8%2FUmSFQ9I9DFVbcRMEbhaRIwv7wnpRHHI7WQFNe%2BaC7h9gIYiwB3Apztx0YuYf246wxRijvf1L7o01ylIGNUZOi4L4%2B75aXtnEqBnPy2KSHuQY%2BIWInXtDM6BBpIu38%2FgiTZAEkRzuu2kXOt%2B%2Fv26HTPmehjs8XZMHyp6TZFPrE81713c1jw34tY%2F7C8H60aKEK5dMRcveX2tnX7tJPLPvpqeaZKJ9xYccVn2QTtWWXGuCr72e6yYYU8k7%2BvKdpm9MLv%2F5pqE6it1Nna%2BJ32F4QcF9yl4tfNqTrtaM5uAtXUtzlm6%2B8n3sKUfFKmRMUNFtuILlcaPlOmYl2j%2BEnPcQI06hcq3SdWIcHHtMXPen%2FX%2Fnl%2F6RNUNQwJ7IqxRQse39x60gHQ2JK0kLCi30TcovNpCFAaFgGDqH5hOQaWzgkm4v%2FC%2B8jViLyqqOypyRyzAcBnELAUx7VBWedMM%2Bm%2FyropIt1Pm7j5FA7LLyEHh0k88v3%2FPowreS8Sg7LmRi20sA5uhgxwX6dIoP5wrozokSn529XeXeqVrM%2BF8EMk4WUgTz48%2Fpxh9RiCe2VsebOmZHeTvXCATuieUlHmbUNwtPY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 27 Dec 2022 05:57:48 GMT
Content-Type: image/jpeg
Content-Length: 64243
Connection: keep-alive
Last-Modified: Sun, 19 Jul 2020 05:52:26 GMT
ETag: "5f13df9a-faf3"
Accept-Ranges: bytes
bdabjdi.naughtymets.com/bundle/343/assets/img/5k.jpg
178.162.199.80200 OK 74 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/343/assets/img/5k.jpg
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 620x620, components 3\012- data
Hash 8caae1bd31eaba57dd37493bd5f3e9ad
bfc7fc50fa53aee0cabafa72a29c8b8665f2d074
c0020d3e076498a290b97d7adefc90f0398e53e0a28f55f91ed119e56b1bab85
GET /bundle/343/assets/img/5k.jpg HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/624d49cbe024f
Cookie: s=gpQVRVb1Efde4HCSr2320d7WLVh0w0jJno5vWbaSaCekSauu8O4kzkYkzZjECyBljrZ3qXGYVeX%2B8QADDn6XqiB%2BNvinHuNb%2FRS47%2BB4xICNK5LJMAPEHKtQDDVsLQAtI4vPfHl5Pa5OrjnDtsf0%2FU2h2LmdQPYeJi4O%2FRcL9BGNHLjUGH6QnwU6Mwsu01z6egrqz9ib%2FtkOtneekneio26xTO8r90%2FbdSoANj4FhLC9wRKdWBC4QOiW0T64z0hlHYmeHvKVuqYBOS%2BePDlsR%2BBo3I7OLHe2y8pEj6ueu13rYv7JMz62GdiT5zmHXu6n07vHMNCb51TbA1Gg0EarLzLnfw9Ry8Zuba5besHhfnph6kpEfkbZlVaR5dLyEuA5nv9gdiU0S5mZzNK8HKUTxNIjYbTNhZ5qgP3kMTiRARQod6UngabTYXmWiY%2FicMkqHnanakFrKe%2FgBPLjCVJ8GQavJ%2BVWpAjnmtx03YK1pZjq%2Fq1QrQAOSCpt%2FONAn%2FYlRWJ%2FQlZylPepog5YFTYCmXI2ur3u7YsLleLtLptt8OzVQrQRVPOBbrHRvJL5y75ZsGl22Cw0BQqibSwk3ojLioaQo0NqnNF5t7hv3OfxndtoruYEmql3IEd6Xd5W9BU4HWyKVqOFOXEaJH%2Fn1F6vdMkQyDNswTffMi%2FkukC0iwk0aHYUE1HM2aupNGaZEFixxb7LuEfD5PQpQmXQc9rNbYXFASlg8MI0KYIIYgP%2FNlS2kQ4wq2q5eQdYtN90Y4E1iOV2gMTkGfwI7B%2BNMwFvlwLEZYX%2BuX9Kg982VmGW9%2FUSLCmP5SeYXzrhGxzJXKJHvd5iGemdKZcYR7u53IWVFN3YZGTRbzn6f6sJ9Ve7iK%2FZkg8W%2F9H6bWChmPV5%2FctG%2Fn6o9mzF7oYRySk1IjOwLAc4MU6mRjhN83n6YrsOVq%2FqvIPslauawlbYSYQmMjOELBzzq0Ybn8%2FUmSFQ9I9DFVbcRMEbhaRIwv7wnpRHHI7WQFNe%2BaC7h9gIYiwB3Apztx0YuYf246wxRijvf1L7o01ylIGNUZOi4L4%2B75aXtnEqBnPy2KSHuQY%2BIWInXtDM6BBpIu38%2FgiTZAEkRzuu2kXOt%2B%2Fv26HTPmehjs8XZMHyp6TZFPrE81713c1jw34tY%2F7C8H60aKEK5dMRcveX2tnX7tJPLPvpqeaZKJ9xYccVn2QTtWWXGuCr72e6yYYU8k7%2BvKdpm9MLv%2F5pqE6it1Nna%2BJ32F4QcF9yl4tfNqTrtaM5uAtXUtzlm6%2B8n3sKUfFKmRMUNFtuILlcaPlOmYl2j%2BEnPcQI06hcq3SdWIcHHtMXPen%2FX%2Fnl%2F6RNUNQwJ7IqxRQse39x60gHQ2JK0kLCi30TcovNpCFAaFgGDqH5hOQaWzgkm4v%2FC%2B8jViLyqqOypyRyzAcBnELAUx7VBWedMM%2Bm%2FyropIt1Pm7j5FA7LLyEHh0k88v3%2FPowreS8Sg7LmRi20sA5uhgxwX6dIoP5wrozokSn529XeXeqVrM%2BF8EMk4WUgTz48%2Fpxh9RiCe2VsebOmZHeTvXCATuieUlHmbUNwtPY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 27 Dec 2022 05:57:48 GMT
Content-Type: image/jpeg
Content-Length: 73730
Connection: keep-alive
Last-Modified: Sun, 19 Jul 2020 05:52:26 GMT
ETag: "5f13df9a-12002"
Accept-Ranges: bytes
bdabjdi.naughtymets.com/bundle/343/assets/img/2k.jpg
178.162.199.80200 OK 49 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/343/assets/img/2k.jpg
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 620x620, components 3\012- data
Hash f04372e0d038a14b25ce40eaccab06a9
a6ef1e6194e4843559cafad30d38e7650bc83df3
67963849ad79125161e36c550fea229cd1ba5b533f392194d79813d113b6d0c4
GET /bundle/343/assets/img/2k.jpg HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/624d49cbe024f
Cookie: s=gpQVRVb1Efde4HCSr2320d7WLVh0w0jJno5vWbaSaCekSauu8O4kzkYkzZjECyBljrZ3qXGYVeX%2B8QADDn6XqiB%2BNvinHuNb%2FRS47%2BB4xICNK5LJMAPEHKtQDDVsLQAtI4vPfHl5Pa5OrjnDtsf0%2FU2h2LmdQPYeJi4O%2FRcL9BGNHLjUGH6QnwU6Mwsu01z6egrqz9ib%2FtkOtneekneio26xTO8r90%2FbdSoANj4FhLC9wRKdWBC4QOiW0T64z0hlHYmeHvKVuqYBOS%2BePDlsR%2BBo3I7OLHe2y8pEj6ueu13rYv7JMz62GdiT5zmHXu6n07vHMNCb51TbA1Gg0EarLzLnfw9Ry8Zuba5besHhfnph6kpEfkbZlVaR5dLyEuA5nv9gdiU0S5mZzNK8HKUTxNIjYbTNhZ5qgP3kMTiRARQod6UngabTYXmWiY%2FicMkqHnanakFrKe%2FgBPLjCVJ8GQavJ%2BVWpAjnmtx03YK1pZjq%2Fq1QrQAOSCpt%2FONAn%2FYlRWJ%2FQlZylPepog5YFTYCmXI2ur3u7YsLleLtLptt8OzVQrQRVPOBbrHRvJL5y75ZsGl22Cw0BQqibSwk3ojLioaQo0NqnNF5t7hv3OfxndtoruYEmql3IEd6Xd5W9BU4HWyKVqOFOXEaJH%2Fn1F6vdMkQyDNswTffMi%2FkukC0iwk0aHYUE1HM2aupNGaZEFixxb7LuEfD5PQpQmXQc9rNbYXFASlg8MI0KYIIYgP%2FNlS2kQ4wq2q5eQdYtN90Y4E1iOV2gMTkGfwI7B%2BNMwFvlwLEZYX%2BuX9Kg982VmGW9%2FUSLCmP5SeYXzrhGxzJXKJHvd5iGemdKZcYR7u53IWVFN3YZGTRbzn6f6sJ9Ve7iK%2FZkg8W%2F9H6bWChmPV5%2FctG%2Fn6o9mzF7oYRySk1IjOwLAc4MU6mRjhN83n6YrsOVq%2FqvIPslauawlbYSYQmMjOELBzzq0Ybn8%2FUmSFQ9I9DFVbcRMEbhaRIwv7wnpRHHI7WQFNe%2BaC7h9gIYiwB3Apztx0YuYf246wxRijvf1L7o01ylIGNUZOi4L4%2B75aXtnEqBnPy2KSHuQY%2BIWInXtDM6BBpIu38%2FgiTZAEkRzuu2kXOt%2B%2Fv26HTPmehjs8XZMHyp6TZFPrE81713c1jw34tY%2F7C8H60aKEK5dMRcveX2tnX7tJPLPvpqeaZKJ9xYccVn2QTtWWXGuCr72e6yYYU8k7%2BvKdpm9MLv%2F5pqE6it1Nna%2BJ32F4QcF9yl4tfNqTrtaM5uAtXUtzlm6%2B8n3sKUfFKmRMUNFtuILlcaPlOmYl2j%2BEnPcQI06hcq3SdWIcHHtMXPen%2FX%2Fnl%2F6RNUNQwJ7IqxRQse39x60gHQ2JK0kLCi30TcovNpCFAaFgGDqH5hOQaWzgkm4v%2FC%2B8jViLyqqOypyRyzAcBnELAUx7VBWedMM%2Bm%2FyropIt1Pm7j5FA7LLyEHh0k88v3%2FPowreS8Sg7LmRi20sA5uhgxwX6dIoP5wrozokSn529XeXeqVrM%2BF8EMk4WUgTz48%2Fpxh9RiCe2VsebOmZHeTvXCATuieUlHmbUNwtPY
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 27 Dec 2022 05:57:48 GMT
Content-Type: image/jpeg
Content-Length: 49411
Connection: keep-alive
Last-Modified: Sun, 19 Jul 2020 05:52:26 GMT
ETag: "5f13df9a-c103"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7f2ed0d8a18af500682ec994cd3a5e15
48032c29ccc60c09f0c003042d059e83ea493ecb
8c49d81420b293298bd75222f60fbc608c322b36944963d93b6a15b12bcb0e8b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:57:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
216.58.207.227200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bdabjdi.naughtymets.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Dec 2022 13:33:12 GMT
expires: Sat, 23 Dec 2023 13:33:12 GMT
cache-control: public, max-age=31536000
age: 318276
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bdabjdi.naughtymets.com/js/fp2.min.js
178.162.199.80200 OK 31 kB URL HTTP/1.1 bdabjdi.naughtymets.com/js/fp2.min.js
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type ASCII text, with very long lines (30507)
Hash e7d6b85edb141824af8951e19333337c
76600b2cb1978ca24d9fe39b1412f052da855ddb
6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e
Analyzer Verdict Alert fortinet Phishing
GET /js/fp2.min.js HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/624d49cbe024f
Cookie: s=gpQVRVb1Efde4HCSr2320d7WLVh0w0jJno5vWbaSaCekSauu8O4kzkYkzZjECyBljrZ3qXGYVeX%2B8QADDn6XqiB%2BNvinHuNb%2FRS47%2BB4xICNK5LJMAPEHKtQDDVsLQAtI4vPfHl5Pa5OrjnDtsf0%2FU2h2LmdQPYeJi4O%2FRcL9BGNHLjUGH6QnwU6Mwsu01z6egrqz9ib%2FtkOtneekneio26xTO8r90%2FbdSoANj4FhLC9wRKdWBC4QOiW0T64z0hlHYmeHvKVuqYBOS%2BePDlsR%2BBo3I7OLHe2y8pEj6ueu13rYv7JMz62GdiT5zmHXu6n07vHMNCb51TbA1Gg0EarLzLnfw9Ry8Zuba5besHhfnph6kpEfkbZlVaR5dLyEuA5nv9gdiU0S5mZzNK8HKUTxNIjYbTNhZ5qgP3kMTiRARQod6UngabTYXmWiY%2FicMkqHnanakFrKe%2FgBPLjCVJ8GQavJ%2BVWpAjnmtx03YK1pZjq%2Fq1QrQAOSCpt%2FONAn%2FYlRWJ%2FQlZylPepog5YFTYCmXI2ur3u7YsLleLtLptt8OzVQrQRVPOBbrHRvJL5y75ZsGl22Cw0BQqibSwk3ojLioaQo0NqnNF5t7hv3OfxndtoruYEmql3IEd6Xd5W9BU4HWyKVqOFOXEaJH%2Fn1F6vdMkQyDNswTffMi%2FkukC0iwk0aHYUE1HM2aupNGaZEFixxb7LuEfD5PQpQmXQc9rNbYXFASlg8MI0KYIIYgP%2FNlS2kQ4wq2q5eQdYtN90Y4E1iOV2gMTkGfwI7B%2BNMwFvlwLEZYX%2BuX9Kg982VmGW9%2FUSLCmP5SeYXzrhGxzJXKJHvd5iGemdKZcYR7u53IWVFN3YZGTRbzn6f6sJ9Ve7iK%2FZkg8W%2F9H6bWChmPV5%2FctG%2Fn6o9mzF7oYRySk1IjOwLAc4MU6mRjhN83n6YrsOVq%2FqvIPslauawlbYSYQmMjOELBzzq0Ybn8%2FUmSFQ9I9DFVbcRMEbhaRIwv7wnpRHHI7WQFNe%2BaC7h9gIYiwB3Apztx0YuYf246wxRijvf1L7o01ylIGNUZOi4L4%2B75aXtnEqBnPy2KSHuQY%2BIWInXtDM6BBpIu38%2FgiTZAEkRzuu2kXOt%2B%2Fv26HTPmehjs8XZMHyp6TZFPrE81713c1jw34tY%2F7C8H60aKEK5dMRcveX2tnX7tJPLPvpqeaZKJ9xYccVn2QTtWWXGuCr72e6yYYU8k7%2BvKdpm9MLv%2F5pqE6it1Nna%2BJ32F4QcF9yl4tfNqTrtaM5uAtXUtzlm6%2B8n3sKUfFKmRMUNFtuILlcaPlOmYl2j%2BEnPcQI06hcq3SdWIcHHtMXPen%2FX%2Fnl%2F6RNUNQwJ7IqxRQse39x60gHQ2JK0kLCi30TcovNpCFAaFgGDqH5hOQaWzgkm4v%2FC%2B8jViLyqqOypyRyzAcBnELAUx7VBWedMM%2Bm%2FyropIt1Pm7j5FA7LLyEHh0k88v3%2FPowreS8Sg7LmRi20sA5uhgxwX6dIoP5wrozokSn529XeXeqVrM%2BF8EMk4WUgTz48%2Fpxh9RiCe2VsebOmZHeTvXCATuieUlHmbUNwtPY; CF=XnknxZtpvs7CixjVj0dCMg__
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 27 Dec 2022 05:57:48 GMT
Content-Type: application/javascript
Content-Length: 30685
Connection: keep-alive
Last-Modified: Fri, 23 Dec 2022 12:52:41 GMT
Vary: Accept-Encoding
ETag: "63a5a499-77dd"
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7f2ed0d8a18af500682ec994cd3a5e15
48032c29ccc60c09f0c003042d059e83ea493ecb
8c49d81420b293298bd75222f60fbc608c322b36944963d93b6a15b12bcb0e8b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Dec 2022 05:57:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5b2790419bb1f19fd29300d548278b98
64671f1c88a1271e9bcda28ac13a01e330a2a07e
1ce1ca2a9d6783fa668b57c8764e8c3a17fde26812161af8ce8096b3691b9279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1CE1CA2A9D6783FA668B57C8764E8C3A17FDE26812161AF8CE8096B3691B9279"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6589
Expires: Tue, 27 Dec 2022 07:47:38 GMT
Date: Tue, 27 Dec 2022 05:57:49 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5b2790419bb1f19fd29300d548278b98
64671f1c88a1271e9bcda28ac13a01e330a2a07e
1ce1ca2a9d6783fa668b57c8764e8c3a17fde26812161af8ce8096b3691b9279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1CE1CA2A9D6783FA668B57C8764E8C3A17FDE26812161AF8CE8096B3691B9279"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6589
Expires: Tue, 27 Dec 2022 07:47:38 GMT
Date: Tue, 27 Dec 2022 05:57:49 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5b2790419bb1f19fd29300d548278b98
64671f1c88a1271e9bcda28ac13a01e330a2a07e
1ce1ca2a9d6783fa668b57c8764e8c3a17fde26812161af8ce8096b3691b9279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1CE1CA2A9D6783FA668B57C8764E8C3A17FDE26812161AF8CE8096B3691B9279"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6589
Expires: Tue, 27 Dec 2022 07:47:38 GMT
Date: Tue, 27 Dec 2022 05:57:49 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5b2790419bb1f19fd29300d548278b98
64671f1c88a1271e9bcda28ac13a01e330a2a07e
1ce1ca2a9d6783fa668b57c8764e8c3a17fde26812161af8ce8096b3691b9279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1CE1CA2A9D6783FA668B57C8764E8C3A17FDE26812161AF8CE8096B3691B9279"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6589
Expires: Tue, 27 Dec 2022 07:47:38 GMT
Date: Tue, 27 Dec 2022 05:57:49 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5b2790419bb1f19fd29300d548278b98
64671f1c88a1271e9bcda28ac13a01e330a2a07e
1ce1ca2a9d6783fa668b57c8764e8c3a17fde26812161af8ce8096b3691b9279
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1CE1CA2A9D6783FA668B57C8764E8C3A17FDE26812161AF8CE8096B3691B9279"
Last-Modified: Sun, 25 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6589
Expires: Tue, 27 Dec 2022 07:47:38 GMT
Date: Tue, 27 Dec 2022 05:57:49 GMT
Connection: keep-alive
bdabjdi.naughtymets.com/bundle/343/assets/img/favicon.png
178.162.199.80200 OK 1.2 kB URL HTTP/1.1 bdabjdi.naughtymets.com/bundle/343/assets/img/favicon.png
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type PNG image data, 128 x 128, 8-bit colormap, non-interlaced\012- data
Hash e8073cd460e8d7469633099834659549
af524b0e7cb82d90a67602109a550380aa8850dc
77df391534b58f0024b7e60b35b1b595188436e24735a19e943d0d5a7d3fc33f
GET /bundle/343/assets/img/favicon.png HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/624d49cbe024f
Cookie: s=gpQVRVb1Efde4HCSr2320d7WLVh0w0jJno5vWbaSaCekSauu8O4kzkYkzZjECyBljrZ3qXGYVeX%2B8QADDn6XqiB%2BNvinHuNb%2FRS47%2BB4xICNK5LJMAPEHKtQDDVsLQAtI4vPfHl5Pa5OrjnDtsf0%2FU2h2LmdQPYeJi4O%2FRcL9BGNHLjUGH6QnwU6Mwsu01z6egrqz9ib%2FtkOtneekneio26xTO8r90%2FbdSoANj4FhLC9wRKdWBC4QOiW0T64z0hlHYmeHvKVuqYBOS%2BePDlsR%2BBo3I7OLHe2y8pEj6ueu13rYv7JMz62GdiT5zmHXu6n07vHMNCb51TbA1Gg0EarLzLnfw9Ry8Zuba5besHhfnph6kpEfkbZlVaR5dLyEuA5nv9gdiU0S5mZzNK8HKUTxNIjYbTNhZ5qgP3kMTiRARQod6UngabTYXmWiY%2FicMkqHnanakFrKe%2FgBPLjCVJ8GQavJ%2BVWpAjnmtx03YK1pZjq%2Fq1QrQAOSCpt%2FONAn%2FYlRWJ%2FQlZylPepog5YFTYCmXI2ur3u7YsLleLtLptt8OzVQrQRVPOBbrHRvJL5y75ZsGl22Cw0BQqibSwk3ojLioaQo0NqnNF5t7hv3OfxndtoruYEmql3IEd6Xd5W9BU4HWyKVqOFOXEaJH%2Fn1F6vdMkQyDNswTffMi%2FkukC0iwk0aHYUE1HM2aupNGaZEFixxb7LuEfD5PQpQmXQc9rNbYXFASlg8MI0KYIIYgP%2FNlS2kQ4wq2q5eQdYtN90Y4E1iOV2gMTkGfwI7B%2BNMwFvlwLEZYX%2BuX9Kg982VmGW9%2FUSLCmP5SeYXzrhGxzJXKJHvd5iGemdKZcYR7u53IWVFN3YZGTRbzn6f6sJ9Ve7iK%2FZkg8W%2F9H6bWChmPV5%2FctG%2Fn6o9mzF7oYRySk1IjOwLAc4MU6mRjhN83n6YrsOVq%2FqvIPslauawlbYSYQmMjOELBzzq0Ybn8%2FUmSFQ9I9DFVbcRMEbhaRIwv7wnpRHHI7WQFNe%2BaC7h9gIYiwB3Apztx0YuYf246wxRijvf1L7o01ylIGNUZOi4L4%2B75aXtnEqBnPy2KSHuQY%2BIWInXtDM6BBpIu38%2FgiTZAEkRzuu2kXOt%2B%2Fv26HTPmehjs8XZMHyp6TZFPrE81713c1jw34tY%2F7C8H60aKEK5dMRcveX2tnX7tJPLPvpqeaZKJ9xYccVn2QTtWWXGuCr72e6yYYU8k7%2BvKdpm9MLv%2F5pqE6it1Nna%2BJ32F4QcF9yl4tfNqTrtaM5uAtXUtzlm6%2B8n3sKUfFKmRMUNFtuILlcaPlOmYl2j%2BEnPcQI06hcq3SdWIcHHtMXPen%2FX%2Fnl%2F6RNUNQwJ7IqxRQse39x60gHQ2JK0kLCi30TcovNpCFAaFgGDqH5hOQaWzgkm4v%2FC%2B8jViLyqqOypyRyzAcBnELAUx7VBWedMM%2Bm%2FyropIt1Pm7j5FA7LLyEHh0k88v3%2FPowreS8Sg7LmRi20sA5uhgxwX6dIoP5wrozokSn529XeXeqVrM%2BF8EMk4WUgTz48%2Fpxh9RiCe2VsebOmZHeTvXCATuieUlHmbUNwtPY; CF=XnknxZtpvs7CixjVj0dCMg__
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 27 Dec 2022 05:57:49 GMT
Content-Type: image/png
Content-Length: 1194
Connection: keep-alive
Last-Modified: Sun, 19 Jul 2020 05:52:26 GMT
ETag: "5f13df9a-4aa"
Accept-Ranges: bytes
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f2714bb-b993-4a59-8060-2731a83cad48.jpeg
34.120.237.76200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f2714bb-b993-4a59-8060-2731a83cad48.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d1964c05c10407de7a80602733f4e740
ad4906adb14904182746eac5935433fba1c7783c
521aa22be37143a80eb3314f57cf9b99d48a9ad77bebb8012c96464b93530b63
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f2714bb-b993-4a59-8060-2731a83cad48.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9772
x-amzn-requestid: 92ffab03-243e-432f-bbeb-be90fa5e0ee6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dxfYDFvfIAMFajA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa1299-7cb9a9b729db72b7550fcf7c;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 21:31:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MogTHBdmwt6knnv1C_t_LNy98cz8k61YRJqfbHrT8jNGXcj8VQCdYg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 21:44:56 GMT
age: 29573
etag: "ad4906adb14904182746eac5935433fba1c7783c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7288c653-bb50-4403-a0ed-0b63bcfb8d1d.jpeg
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7288c653-bb50-4403-a0ed-0b63bcfb8d1d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 018b8ee828d9bbc1e7d9fb592a46bd45
35337c1d6da6d39e74a141ea8b9a1ffe937b2ae1
632f8cb925865b6e448c87b938170712a8507e50a5777ab58ffd353e8bb3443e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7288c653-bb50-4403-a0ed-0b63bcfb8d1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5469
x-amzn-requestid: 2431c74d-7cc1-4246-bd21-030864572719
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: du-DdEVroAMFbcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a9107c-3ed43f2c07ea20dd466c0dbc;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 03:09:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AFLt8BL0kgYnuNjYunc2i22uhn3RYvkhMPS4wFlAWabA7pSoJeyzjg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 03:29:53 GMT
age: 8876
etag: "35337c1d6da6d39e74a141ea8b9a1ffe937b2ae1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69c55865-95c6-4d05-a856-6d61c10bd012.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69c55865-95c6-4d05-a856-6d61c10bd012.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4a7ec0fdc177ed09c8949dcd68efb35
8ad28905291f4a184c0f32292415d1af0db3cead
7862e695c7eea224263bccaabcc54fc337ea533d6f1fafe0426b8699f3880922
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69c55865-95c6-4d05-a856-6d61c10bd012.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7924
x-amzn-requestid: 30d67a34-fa95-4aa8-84d7-7c769a9e7fc6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dxfYgEnNoAMF7ng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa129c-743b9f4845f2c6f312463662;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 21:31:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DARBFo3gGdqpiutH2AJvUFtxyaamlecRtekmlCERttcXoXZ9FNswGg==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 21:45:05 GMT
age: 29564
etag: "8ad28905291f4a184c0f32292415d1af0db3cead"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9fad15f-1e28-43a3-83d8-06aeab608d9f.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9fad15f-1e28-43a3-83d8-06aeab608d9f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a4b903e264b412e69e5f22091bf423ea
92d157f8b56dd0af2ce0f1f5c11b5c90969cf36f
8d5d90968489731604a2286d9e2b9a307147a3cc0b1ffd32f1186ceea9b8fcff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb9fad15f-1e28-43a3-83d8-06aeab608d9f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15371
x-amzn-requestid: 63d10011-ae3d-48fb-b892-26d94dc6ef83
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: diVs8EVDIAMFTOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a4031f-3da712a621773d56567c014f;Sampled=0
x-amzn-remapped-date: Thu, 22 Dec 2022 07:11:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UeMu2JuyiBhp1D-T8We8YZFCLFeqnJ0EeAVrLZN047WMREZyCzOOVg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 07:24:36 GMT
age: 81193
etag: "92d157f8b56dd0af2ce0f1f5c11b5c90969cf36f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2802b3e9-0a7b-4384-abe0-5d84d1cde92f.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2802b3e9-0a7b-4384-abe0-5d84d1cde92f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b5bce6cae03ce2c843809467165891e
71a8a2440c66ae80bf577c4d7f32525b6597ed8f
59b0c452ef6bb9a68f7fb7ee2caca66d66d137f7cd498d1fd88bb5f2f4d90ace
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2802b3e9-0a7b-4384-abe0-5d84d1cde92f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8057
x-amzn-requestid: 3e067f3c-c98a-4aa5-88f0-7ec61df01ea5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dxfXYF20IAMFU5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa1295-0dfe81b80a016e59489b2980;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 21:31:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hBHFDq1KdoHcwMhNAX16o6ImLf9Xfrci_4t1nvdyuSU9UvxdHX3Weg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 21:44:56 GMT
age: 29573
etag: "71a8a2440c66ae80bf577c4d7f32525b6597ed8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F305f952f-68d1-4090-b1d7-04817f0a2ab7.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F305f952f-68d1-4090-b1d7-04817f0a2ab7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash be693dc109dd4beeee6f7f3ae2061dae
349168c24483cf12e3c10e176643b5f02316cbf4
2e4cf6b6d7f4e75d4dfd631a76a921734f3824563f039a6da20826d0bb3afc0d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F305f952f-68d1-4090-b1d7-04817f0a2ab7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10281
x-amzn-requestid: 6f952ba1-d992-4521-83f7-ce18a4b75798
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dxfYMFdtIAMFwyA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa129a-5b1ad9041a52fc8f049d37eb;Sampled=0
x-amzn-remapped-date: Mon, 26 Dec 2022 21:31:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: H3u62So8Z-Pe1gQiIpOjTUEvozSDuV3d2wZMKlZMDioFrtIwYjrV5Q==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Dec 2022 21:44:56 GMT
age: 29573
etag: "349168c24483cf12e3c10e176643b5f02316cbf4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bdabjdi.naughtymets.com/s/624d49cbe024f?callback=jQuery224014541981287114425_1672120665131&_=1672120665132
178.162.199.80200 OK 2.2 kB URL HTTP/1.1 bdabjdi.naughtymets.com/s/624d49cbe024f?callback=jQuery224014541981287114425_1672120665131&_=1672120665132
IP 178.162.199.80:0
ASN #28753 Leaseweb Deutschland GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 134ddbcd67b385fed700964bcbcdd63a
fc8b9dc04e5f72e03ac29510df602644e10545e8
ed4787cbfb42fe65764365954825b9dc4c12cff327a485658ce3e2d344c511d1
GET /s/624d49cbe024f?callback=jQuery224014541981287114425_1672120665131&_=1672120665132 HTTP/1.1
Host: bdabjdi.naughtymets.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://bdabjdi.naughtymets.com/s/624d49cbe024f
Cookie: s=gpQVRVb1Efde4HCSr2320d7WLVh0w0jJno5vWbaSaCekSauu8O4kzkYkzZjECyBljrZ3qXGYVeX%2B8QADDn6XqiB%2BNvinHuNb%2FRS47%2BB4xICNK5LJMAPEHKtQDDVsLQAtI4vPfHl5Pa5OrjnDtsf0%2FU2h2LmdQPYeJi4O%2FRcL9BGNHLjUGH6QnwU6Mwsu01z6egrqz9ib%2FtkOtneekneio26xTO8r90%2FbdSoANj4FhLC9wRKdWBC4QOiW0T64z0hlHYmeHvKVuqYBOS%2BePDlsR%2BBo3I7OLHe2y8pEj6ueu13rYv7JMz62GdiT5zmHXu6n07vHMNCb51TbA1Gg0EarLzLnfw9Ry8Zuba5besHhfnph6kpEfkbZlVaR5dLyEuA5nv9gdiU0S5mZzNK8HKUTxNIjYbTNhZ5qgP3kMTiRARQod6UngabTYXmWiY%2FicMkqHnanakFrKe%2FgBPLjCVJ8GQavJ%2BVWpAjnmtx03YK1pZjq%2Fq1QrQAOSCpt%2FONAn%2FYlRWJ%2FQlZylPepog5YFTYCmXI2ur3u7YsLleLtLptt8OzVQrQRVPOBbrHRvJL5y75ZsGl22Cw0BQqibSwk3ojLioaQo0NqnNF5t7hv3OfxndtoruYEmql3IEd6Xd5W9BU4HWyKVqOFOXEaJH%2Fn1F6vdMkQyDNswTffMi%2FkukC0iwk0aHYUE1HM2aupNGaZEFixxb7LuEfD5PQpQmXQc9rNbYXFASlg8MI0KYIIYgP%2FNlS2kQ4wq2q5eQdYtN90Y4E1iOV2gMTkGfwI7B%2BNMwFvlwLEZYX%2BuX9Kg982VmGW9%2FUSLCmP5SeYXzrhGxzJXKJHvd5iGemdKZcYR7u53IWVFN3YZGTRbzn6f6sJ9Ve7iK%2FZkg8W%2F9H6bWChmPV5%2FctG%2Fn6o9mzF7oYRySk1IjOwLAc4MU6mRjhN83n6YrsOVq%2FqvIPslauawlbYSYQmMjOELBzzq0Ybn8%2FUmSFQ9I9DFVbcRMEbhaRIwv7wnpRHHI7WQFNe%2BaC7h9gIYiwB3Apztx0YuYf246wxRijvf1L7o01ylIGNUZOi4L4%2B75aXtnEqBnPy2KSHuQY%2BIWInXtDM6BBpIu38%2FgiTZAEkRzuu2kXOt%2B%2Fv26HTPmehjs8XZMHyp6TZFPrE81713c1jw34tY%2F7C8H60aKEK5dMRcveX2tnX7tJPLPvpqeaZKJ9xYccVn2QTtWWXGuCr72e6yYYU8k7%2BvKdpm9MLv%2F5pqE6it1Nna%2BJ32F4QcF9yl4tfNqTrtaM5uAtXUtzlm6%2B8n3sKUfFKmRMUNFtuILlcaPlOmYl2j%2BEnPcQI06hcq3SdWIcHHtMXPen%2FX%2Fnl%2F6RNUNQwJ7IqxRQse39x60gHQ2JK0kLCi30TcovNpCFAaFgGDqH5hOQaWzgkm4v%2FC%2B8jViLyqqOypyRyzAcBnELAUx7VBWedMM%2Bm%2FyropIt1Pm7j5FA7LLyEHh0k88v3%2FPowreS8Sg7LmRi20sA5uhgxwX6dIoP5wrozokSn529XeXeqVrM%2BF8EMk4WUgTz48%2Fpxh9RiCe2VsebOmZHeTvXCATuieUlHmbUNwtPY; CF=XnknxZtpvs7CixjVj0dCMg__
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: openresty/1.19.3.1
Date: Tue, 27 Dec 2022 05:57:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: s=Q1NOlIKlZX5D42lkuYpX6sfFM3orqph9RwPwf%2BwyVRqn4vkOh7gs6bxNl1hoVPVLvEyIcamklVNcGOL2K64S%2BiB%2BNvinHuNb%2FRS47%2BB4xICNK8oEzk2MTShPARMTXQ1qBAX3wW4Bl8oz7SMrSsvQHyxbsU312dXe%2FfitKEFeDxvWqQyw4VSqnta48j48lpxvLyEftsdXuRDdOaOyVd%2Ft4DOPiJretALKvjC2BE5fNHfaIm9EDRwWowMnGNHOjqG9MtlCKYoZDZW830yZ1u9j1PuKFvlyd8yw22jmwakKvsInAb0ssN6BzNxEZ0MxIzccyqLuyWcf4A28LblEISw5BsrqjF6mlLEZqPB2i%2B26j29jCzMKSx8EKByUJyrEbjVB5P%2F%2B85wldt5Rq9GFGBDwSgJ4VpfPwtMGwB7oyQQO7G7V6j6%2F7iXkA3bJQenGw6U%2BnSGF95H1Zo83WVYjugMEmULqvAtptc%2FeCba5pMHkFu7BZcmf1z0B%2F1rMossonCPwyg8GAamR9U8YknR0KD9Em10%2BwwkkIfMRfSv%2BWgArlI31TT6uTKshv8C4hqXdrtCItPKH7AnASEdywiw6ASCXQb3RrfE4aaHGQMwQAmulXP7%2BmXq77nzpVkZg4zydZlp%2BML5UZk5vUHkfSw8s%2BKA66EgTTr1sKHR4%2F0aa36uYcdxaUz4DGF9XHqt3tX6qVTehhs9CZ%2BvxwF6R%2FYow7%2BnDu5BCMsoGe5PAUVjlmBkG3oSiz0eCl7J7LllnZUw1UNEooKgwpYuT0yy5BlaDI6dSpqwQlavpe%2FNbmyH9El9mu5pIzZeitfu5MsyNdRBKqIDGas8txX86sJ8PtSgAuDczfFMxK1cxBSf923pYYKVKaDviD1OSFATqEsADICU2pS3zGxpl%2FyzndUvJ8hphMM5itPIZS1VPL3HhRWTPifxgrxPcxvoT0x6m0WiNQ65XFl3fMSLhRysSe0V0iuTDmqnNYBbRBiBNZHODTneFwHLAjNgTZdnAwgfpGV5t4b6UTt4QAKpCq%2BULFE%2BHWlULejyoO%2FLQUdsqgY1niVrOOW5FX2qZacAPFk06OhV8G3W0Lcq756a1PrO3g%2FDddK1KG0EilxiLjVZIpnkWEkcQEEXIbKaMfRCm3V9D7SHxvZEt%2FWxsnpVb1NmS6SHI%2FsG4BwQRrTsNv%2FHiS7B0IMESQn%2BkmJ0rkzpyUbeHpptFxD64MwEDgtGK3kMm%2BxbHTbitJPsU5CjzL7BonZMaD2VT4q%2Bwzv4zBmXD73FdGFCWgQz8puLBXg%2BF9dKaSg69yOub%2Ft3c8zei18vsJO633ff9hmRv6pHTk%2F5Dav19KVNov94F%2BJX3J5TS67HxlJZ8Gk1fNNJPd0Nz7n7r240pe3pe2H5bLN9BtnHMW5F1TLKjm7j%2FkdtuphcPLH29YscdxpCpHWu2hCQsrAqmxcghbP%2F33y%2FtXe%2BcX0chQ4MuMaqzSSfdbMccJYv30p77QChonV4%2FXJ79Mx9IODVsFGz%2FOdaE2N105Vu6HjSYGj3HQK7b7yXKU3XbDIIVTAb9fPSQ3gEsq7dGostJPdc2aG2kQNwhUL9evSa7TQ%3D%3D; expires=Wed, 28-Dec-2022 05:57:49 GMT; Max-Age=86400; path=/; domain=naughtymets.com
SID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=naughtymets.com
ESID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=naughtymets.com
Content-Encoding: gzip
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F303678dc-bd95-4d91-9245-9a823889b144.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F303678dc-bd95-4d91-9245-9a823889b144.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ef4da8e896dc66221b42b1ad2d27362d
ee833149ae2e7e3f263d501f88e8d2ee440ccc14
603915645628c23fc3b29eb1eed16b3cc2c8fc1b9954176f2527ccf7e2f3a07e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F303678dc-bd95-4d91-9245-9a823889b144.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 13049
x-amzn-requestid: 45432186-7ea5-4826-8945-29aa4da0770c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dx7BvH1IIAMFZdA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63aa3ed7-2c49291a56867ec902ad573d;Sampled=0
x-amzn-remapped-date: Tue, 27 Dec 2022 00:39:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VZFnby5iQgyAmqiWMC06NhPmgdZU78jzJPeoC8X_Wbp2zHZJNsdSfg==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Dec 2022 00:42:02 GMT
age: 18953
etag: "ee833149ae2e7e3f263d501f88e8d2ee440ccc14"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2