r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5092
Expires: Sun, 29 Jan 2023 15:11:37 GMT
Date: Sun, 29 Jan 2023 13:46:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5024
Expires: Sun, 29 Jan 2023 15:10:29 GMT
Date: Sun, 29 Jan 2023 13:46:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6569
Expires: Sun, 29 Jan 2023 15:36:14 GMT
Date: Sun, 29 Jan 2023 13:46:45 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 13:43:08 GMT
content-type: application/json
age: 217
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: yU4aPS7748qXAzCOxiDI5UoVwBe/E6G0shNrxBuJuvi4K9xsIixmkK0iwFH0ak3HCnW1JMHTrus=
x-amz-request-id: MGQZTZXA7350YGCM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 12:50:19 GMT
age: 3386
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
1writtedr.com/mTryA990542f9e62830d053ebeb60b2dfc1e78b44b171?q=Win8.1_Pro_x64_12.11.2022.zip
188.72.236.136 200 OK 6.2 kB URL HTTP/1.1 1writtedr.com/mTryA990542f9e62830d053ebeb60b2dfc1e78b44b171?q=Win8.1_Pro_x64_12.11.2022.zip
IP 188.72.236.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6170), with no line terminators
Hash c6fea70ca4f01fa77fe763ac4430ec63
938379d56bbfbe879df6f6ca017f3ae6100d608f
7e3672547a8b5f3b4de7a9d5f78b76c7e3549785c2f1edf6927d4201e77ef465
GET /mTryA990542f9e62830d053ebeb60b2dfc1e78b44b171?q=Win8.1_Pro_x64_12.11.2022.zip HTTP/1.1
Host: 1writtedr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 13:46:45 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bd_context=ILS6hX4JTbtsgjAhKv3WAUnDl9/5xoS9C9h8yFkZuU347k0M6/TZ+1YUQe+hcsurFQeqdZ68t6OhTE6mVsdoa0Ei4ppqPsUXUMg95fuX+rXMVdHlt7BW38ViMdWSrHYqy6PzpmF0lPXp535urnWaTKi1mWFdDHDmkIA8dPN9YLsifywWQrhbL2Uhrr5TECNWZ9Iio1ABd2/tmHMqj7t1ZUYq27cB1RHeShbdIpeOLM4zGMMZ/Uo3H4r8PIAVMNlaKTkXFM1AdP25/rMZFztsKzXdDCaI5M8MFtwOJd6l3R94DeMWvn7rs/IbGsNVlkieItXoy/j2HDIStw==; Expires=Mon, 29 Jan 2024 13:46:45 GMT
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 13:46:45 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 12:49:04 GMT
age: 3462
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
1writtedr.com/favicon.ico
188.72.236.136 200 OK 43 B URL HTTP/1.1 1writtedr.com/favicon.ico
IP 188.72.236.136:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /favicon.ico HTTP/1.1
Host: 1writtedr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://1writtedr.com/
Connection: keep-alive
Cookie: bd_context=ILS6hX4JTbtsgjAhKv3WAUnDl9/5xoS9C9h8yFkZuU347k0M6/TZ+1YUQe+hcsurFQeqdZ68t6OhTE6mVsdoa0Ei4ppqPsUXUMg95fuX+rXMVdHlt7BW38ViMdWSrHYqy6PzpmF0lPXp535urnWaTKi1mWFdDHDmkIA8dPN9YLsifywWQrhbL2Uhrr5TECNWZ9Iio1ABd2/tmHMqj7t1ZUYq27cB1RHeShbdIpeOLM4zGMMZ/Uo3H4r8PIAVMNlaKTkXFM1AdP25/rMZFztsKzXdDCaI5M8MFtwOJd6l3R94DeMWvn7rs/IbGsNVlkieItXoy/j2HDIStw==
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 29 Jan 2023 13:46:46 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ba5b96886aae11731ab2c7da2157725f
2a774af612701298f2d90884c89a9d3d36286759
b2060054472abd6dc52d9114d522644e7fcca319c91cabe86697361d944bf11d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B2060054472ABD6DC52D9114D522644E7FCCA319C91CABE86697361D944BF11D"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4261
Expires: Sun, 29 Jan 2023 14:57:47 GMT
Date: Sun, 29 Jan 2023 13:46:46 GMT
Connection: keep-alive
czgovd.com/images/bot.png
185.56.234.205 200 OK 14 kB URL HTTP/2 czgovd.com/images/bot.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 460 x 145, 8-bit colormap, non-interlaced\012- data
Hash 7805f0839d6287816dd977e11d900d74
b03ca287261623f0b6e4732f83d233f01cf90272
1179d91e241cbea26748f5c37c22e29e7536e7ebdef99a5e0588f52d224097fb
GET /images/bot.png HTTP/1.1
Host: czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:46 GMT
content-type: image/png
content-length: 13792
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-35e0"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3466
Expires: Sun, 29 Jan 2023 14:44:32 GMT
Date: Sun, 29 Jan 2023 13:46:46 GMT
Connection: keep-alive
l7e38.czgovd.com/images/bot.png
185.56.234.205 200 OK 14 kB URL HTTP/2 l7e38.czgovd.com/images/bot.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 460 x 145, 8-bit colormap, non-interlaced\012- data
Hash 7805f0839d6287816dd977e11d900d74
b03ca287261623f0b6e4732f83d233f01cf90272
1179d91e241cbea26748f5c37c22e29e7536e7ebdef99a5e0588f52d224097fb
GET /images/bot.png HTTP/1.1
Host: l7e38.czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://l7e38.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=1
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:46 GMT
content-type: image/png
content-length: 13792
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-35e0"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 8217bf72cf156db08f20b685438513fc
e72391464c33117e01c98bbbb757afb3f943b6ca
06fc28f9c93ff3e59bbfb5c012207e9236661e4b579ca3e20100862cfb4d27a6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3075
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 13:46:46 GMT
Etag: "63d64e2f-117"
Last-Modified: Sun, 29 Jan 2023 12:55:31 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ulmoyc.com/v1/sdk.js?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6MiwicG0iOjJ9eyJ&d=czgovd.com&tpl=2&pbd=iOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNpMSI6IjM0MjIyMiIsImNsaWNraWQiOiJBTVY0MW1QT09BVUFXRmNDQUU1UEZ3QU1BQ291RU1JQSIsImFfdGIiOiJodHRwOlwvXC85a2JrZnNmOTkubW9uc3RlclwvYj90b2tlbj01NmNkMGQzZDE5Y2NkZjY0ZTY4YTVmOGE1YzAyZDdiYjczNTkyOTQzJmM9QU1WNDFtUE9PQVVBV0ZjQ0FFNVBGd0FNQUNvdUVNSUEiLCJpIjoiMSJ9eyJwaWQ
172.67.197.128 200 OK 4.2 kB URL HTTP/2 ulmoyc.com/v1/sdk.js?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6MiwicG0iOjJ9eyJ&d=czgovd.com&tpl=2&pbd=iOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNpMSI6IjM0MjIyMiIsImNsaWNraWQiOiJBTVY0MW1QT09BVUFXRmNDQUU1UEZ3QU1BQ291RU1JQSIsImFfdGIiOiJodHRwOlwvXC85a2JrZnNmOTkubW9uc3RlclwvYj90b2tlbj01NmNkMGQzZDE5Y2NkZjY0ZTY4YTVmOGE1YzAyZDdiYjczNTkyOTQzJmM9QU1WNDFtUE9PQVVBV0ZjQ0FFNVBGd0FNQUNvdUVNSUEiLCJpIjoiMSJ9eyJwaWQ
IP 172.67.197.128:0
File type ASCII text, with very long lines (11504), with no line terminators
Hash 5f0923106583bce58dfc7d76557f35d8
15d71475d91631813137e01eb9a82b560eb21211
276758b082122f7c2314821b805e56dc5a8d0f1990aa0aad29cf616554e0b6f8
GET /v1/sdk.js?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6MiwicG0iOjJ9eyJ&d=czgovd.com&tpl=2&pbd=iOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNpMSI6IjM0MjIyMiIsImNsaWNraWQiOiJBTVY0MW1QT09BVUFXRmNDQUU1UEZ3QU1BQ291RU1JQSIsImFfdGIiOiJodHRwOlwvXC85a2JrZnNmOTkubW9uc3RlclwvYj90b2tlbj01NmNkMGQzZDE5Y2NkZjY0ZTY4YTVmOGE1YzAyZDdiYjczNTkyOTQzJmM9QU1WNDFtUE9PQVVBV0ZjQ0FFNVBGd0FNQUNvdUVNSUEiLCJpIjoiMSJ9eyJwaWQ HTTP/1.1
Host: ulmoyc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://l7e38.czgovd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 13:46:46 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=14400
access-control-allow-origin: https://czgovd.com
etag: W/"kWX1auKEUlwG6lVies3773frgfA"
x-zone: eu
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1jc3bvptmLHCuOGeVB8zMsvWXscot2K8rnpLOZEosopUqTIh8RrCWaJTad%2BGLaXrP2s372q0v2IbujsyVy704ZT1w03B7xnc%2Bj37aCbpf%2B4fttYgOky7MpT7ZJST"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79126a79dfb0b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.39.57.61 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.57.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8eRu/XKPO1JKSkp33eoadA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Mm5B0iZxP5+Jf3Zt2ZL7tvtuyg0=
8mec1.czgovd.com/images/bot.png
185.56.234.205 200 OK 14 kB URL HTTP/2 8mec1.czgovd.com/images/bot.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 460 x 145, 8-bit colormap, non-interlaced\012- data
Hash 7805f0839d6287816dd977e11d900d74
b03ca287261623f0b6e4732f83d233f01cf90272
1179d91e241cbea26748f5c37c22e29e7536e7ebdef99a5e0588f52d224097fb
GET /images/bot.png HTTP/1.1
Host: 8mec1.czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8mec1.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=2
Cookie: truniq=1; ufp2=fc092fee0e63e001279034ceac86fc7707dbaa05
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:47 GMT
content-type: image/png
content-length: 13792
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-35e0"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
p8u56.czgovd.com/images/bot.png
185.56.234.205 200 OK 14 kB URL HTTP/2 p8u56.czgovd.com/images/bot.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 460 x 145, 8-bit colormap, non-interlaced\012- data
Hash 7805f0839d6287816dd977e11d900d74
b03ca287261623f0b6e4732f83d233f01cf90272
1179d91e241cbea26748f5c37c22e29e7536e7ebdef99a5e0588f52d224097fb
GET /images/bot.png HTTP/1.1
Host: p8u56.czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://p8u56.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=3
Cookie: truniq=1; ufp2=fc092fee0e63e001279034ceac86fc7707dbaa05
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:47 GMT
content-type: image/png
content-length: 13792
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-35e0"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2
bndmt.czgovd.com/images/bot.png
185.56.234.205 200 OK 14 kB URL HTTP/2 bndmt.czgovd.com/images/bot.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 460 x 145, 8-bit colormap, non-interlaced\012- data
Hash 7805f0839d6287816dd977e11d900d74
b03ca287261623f0b6e4732f83d233f01cf90272
1179d91e241cbea26748f5c37c22e29e7536e7ebdef99a5e0588f52d224097fb
GET /images/bot.png HTTP/1.1
Host: bndmt.czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bndmt.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=4
Cookie: truniq=1; ufp2=fc092fee0e63e001279034ceac86fc7707dbaa05
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:47 GMT
content-type: image/png
content-length: 13792
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-35e0"
x-zone: eu3
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12780
Expires: Sun, 29 Jan 2023 17:19:47 GMT
Date: Sun, 29 Jan 2023 13:46:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12780
Expires: Sun, 29 Jan 2023 17:19:47 GMT
Date: Sun, 29 Jan 2023 13:46:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12780
Expires: Sun, 29 Jan 2023 17:19:47 GMT
Date: Sun, 29 Jan 2023 13:46:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dfb84426fed94988d5c90372baff059c
f1c4740830034ff8a5759d59ae3f657ea524d083
d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12780
Expires: Sun, 29 Jan 2023 17:19:47 GMT
Date: Sun, 29 Jan 2023 13:46:47 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5dcfee7f-f43c-4828-8113-8ba8eb26f727.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5dcfee7f-f43c-4828-8113-8ba8eb26f727.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d5ed99a9aed6f367efc5c9498ce87ff1
3123eb6f550c51fe17fc62eff943b3739e239a9b
536f45bf2eb41f7056df8b34964538005d6a0a4c6157def3fbdd9487f8c79027
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5dcfee7f-f43c-4828-8113-8ba8eb26f727.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10168
x-amzn-requestid: fe58fe3c-dd23-4614-b5a2-e91ef68c2ab7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fFOD7H-NIAMFcxw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb907f-687fc51741d7ff97182d1955;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 07:13:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: SORDxKQP-GudaCfRIbrmexyEeJXBExRipfF8sPHI-UkaYhR_RkDjvQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 00:55:27 GMT
age: 46280
etag: "3123eb6f550c51fe17fc62eff943b3739e239a9b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 10a6491e2c1dfde68c7cd7297e70700f
d0f195319825a6d3e5e50ad15b2fcab27cb65896
4d9353d5874e5ea03c25e1562db5f479c222a48db526fdd10ede7c2e6a4dd874
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11470
x-amzn-requestid: 62d61967-9380-4ca9-b11a-531425dbd2ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIf6WFgAIAMF6gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce042-6d9fe51029094b7f37c0a648;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:05:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rUIvvkZQ028ey3klplI-x9oZFugon5HsAWT-SN2GQo5hBeBJWqoMAg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 04:01:15 GMT
age: 35132
etag: "d0f195319825a6d3e5e50ad15b2fcab27cb65896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57ff6665d99a17d06b75c8fe64c90ab3
05648eed6830a794aa7e30ba4da526ed4c45b0ca
728b809756a0faff1a55bb03f13f33e31518f321e50dd944a0267d585c09264c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdd9499d0-2a81-41ee-b328-0d82ea64b349.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5198
x-amzn-requestid: 8117f45b-926a-4cbe-b152-dae983bc3526
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fOYdlG6XIAMF_vA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf3abd-7ce531f65f66ac3a73970841;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 01:56:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: naZHCCrUSwrLi2eWi3LOrir9zOGQcNUBJ1iS9wUewWoV3WM2E0kE2w==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:47:00 GMT
age: 57587
etag: "05648eed6830a794aa7e30ba4da526ed4c45b0ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 21:56:46 GMT
age: 57001
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3be81f83687ddb6c93d3ff3c09a9dba2
50a48e737310d3f31840db4301b25927fbcc12c5
e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: f644ca78-a07a-43d1-96e4-95bcdecff7fb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGLfFtOIAMFp7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf83e2-202ca7160544acd24259bd5d;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:08:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xRwqrWS66l4qJfg2HnGphN1dbrIUod9XKW3zTk_-Km9AQRPyV2UqWg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 20:46:16 GMT
age: 61231
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
34.120.237.76 200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4c77437e3a7361861aed8bfecbfe6bd6
fefd238c13c0fdfb7d964c90fcc8a8cbbf953034
282d15c443cb6232ae0a30046a0dc24360617355a4651cdba59b11e6f7313d8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5594
x-amzn-requestid: d56c9b84-dc1f-4d5c-91bf-7db55058bf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLyeEGOloAMFpzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce3126-5013a6b971d6800c5c85a4eb;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:03:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uPJu2SzvWcfqukF9t0PKG5iK7LrTnk1Cn5nioD4MklQgDAZnbiH8Gw==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 14:55:48 GMT
age: 82259
etag: "fefd238c13c0fdfb7d964c90fcc8a8cbbf953034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
i4jfq.czgovd.com/images/bot.png
185.56.234.205 200 OK 14 kB URL HTTP/2 i4jfq.czgovd.com/images/bot.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 460 x 145, 8-bit colormap, non-interlaced\012- data
Hash 7805f0839d6287816dd977e11d900d74
b03ca287261623f0b6e4732f83d233f01cf90272
1179d91e241cbea26748f5c37c22e29e7536e7ebdef99a5e0588f52d224097fb
GET /images/bot.png HTTP/1.1
Host: i4jfq.czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://i4jfq.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=5
Cookie: truniq=1; ufp2=fc092fee0e63e001279034ceac86fc7707dbaa05
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:48 GMT
content-type: image/png
content-length: 13792
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-35e0"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
g6h9j.czgovd.com/images/bot.png
185.56.234.205 200 OK 18 kB URL HTTP/2 g6h9j.czgovd.com/images/bot.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash 9a0894dd9d6831e1d38f6890edadcb67
c143612e4623360afeaa64b3cca8901ae1756bbc
8db1b2cebf3ec569442820c8686dce3103ff2b6c32f6ae6a0d29dbd0f340e7ad
GET /images/bot.png HTTP/1.1
Host: g6h9j.czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://g6h9j.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=6
Cookie: truniq=1; ufp2=fc092fee0e63e001279034ceac86fc7707dbaa05
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:48 GMT
content-type: image/png
content-length: 13792
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-35e0"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
g6h9j.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=6
185.56.234.205 200 OK 45 kB URL HTTP/2 g6h9j.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=6
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash 5fee87a890a26b59b296809f77434715
d979a3dbe97de025985edfd3d5dbb5e92e9c7931
81c2a9c719ab97c5b0150337b9388cf4cc5a97ceae97e1a97cfe9e7c10bce4e8
GET /bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=6 HTTP/1.1
Host: g6h9j.czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://i4jfq.czgovd.com/
Cookie: truniq=1; ufp2=fc092fee0e63e001279034ceac86fc7707dbaa05
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu3
content-encoding: gzip
X-Firefox-Spdy: h2
p8u56.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=3
185.56.234.205 200 OK 37 kB URL HTTP/2 p8u56.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=3
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
Hash e5b59b732c02f4ccca4b70b0f2653e60
b6889815a55f55692b43e8777ce190235d696ad3
997b041fa48cd51faa50ace91a991b94c73f516bef3f935cc59142e73207914a
GET /bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=3 HTTP/1.1
Host: p8u56.czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://8mec1.czgovd.com/
Cookie: truniq=1; ufp2=fc092fee0e63e001279034ceac86fc7707dbaa05
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
okh4s.czgovd.com/images/bot.png
185.56.234.205 200 OK 14 kB URL HTTP/2 okh4s.czgovd.com/images/bot.png
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 460 x 145, 8-bit colormap, non-interlaced\012- data
Hash 7805f0839d6287816dd977e11d900d74
b03ca287261623f0b6e4732f83d233f01cf90272
1179d91e241cbea26748f5c37c22e29e7536e7ebdef99a5e0588f52d224097fb
GET /images/bot.png HTTP/1.1
Host: okh4s.czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://okh4s.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=9
Cookie: truniq=1; ufp2=fc092fee0e63e001279034ceac86fc7707dbaa05
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:49 GMT
content-type: image/png
content-length: 13792
last-modified: Fri, 25 Nov 2022 08:33:14 GMT
etag: "63807dca-35e0"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2
i4jfq.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=5
185.56.234.205 200 OK 12 kB URL HTTP/2 i4jfq.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=5
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (19648)
Hash 26ed0d9492dc783733ec4694cfc164a4
423b9d6cf00296cdde908d08b3eab5981f20f80b
b0305656adff8d2429d0b7b593b747cc53de810d38adca7cc8352604e2c4909d
GET /bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=5 HTTP/1.1
Host: i4jfq.czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bndmt.czgovd.com/
Cookie: truniq=1; ufp2=fc092fee0e63e001279034ceac86fc7707dbaa05
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cb671e0383b668b261e17c82dc5839a1
556295291fa5bb0291251d6d0131fd01e7c98fc7
05ef8595f7ab72590cb0c61714ce3890df15a5a98f34821c88240789c4af5e31
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "05EF8595F7AB72590CB0C61714CE3890DF15A5A98F34821C88240789C4AF5E31"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15118
Expires: Sun, 29 Jan 2023 17:58:47 GMT
Date: Sun, 29 Jan 2023 13:46:49 GMT
Connection: keep-alive
tratbc.com/tb?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=9
138.68.123.185 302 Found 0 B URL HTTP/1.1 tratbc.com/tb?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=9
IP 138.68.123.185:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tb?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=9 HTTP/1.1
Host: tratbc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://okh4s.czgovd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.15.0
Date: Sun, 29 Jan 2023 13:46:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://n33d0nem0re.com/ptb/AMV41mPOOAUAWFcCAE5PFwAMACouEMIA
X-Zone: eu
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1f3ac40b332538d0606cffa74595aa97
8bd3a2ac6bd2c99284bd71fb2e73e84e85dc67af
7df2852c7258bcb745fab561075bdbba3bb4f26403aeb5ce9418cd8ce4090ae4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7DF2852C7258BCB745FAB561075BDBBA3BB4F26403AEB5CE9418CD8CE4090AE4"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5562
Expires: Sun, 29 Jan 2023 15:19:32 GMT
Date: Sun, 29 Jan 2023 13:46:50 GMT
Connection: keep-alive
n33d0nem0re.com/favicon.ico
188.72.236.136 200 OK 43 B URL HTTP/2 n33d0nem0re.com/favicon.ico
IP 188.72.236.136:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /favicon.ico HTTP/1.1
Host: n33d0nem0re.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://n33d0nem0re.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 13:46:50 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6c69d6d1e89e40e43f1230a59561232
cd6123e0f4cd308f8bddb34bc127ff1c22da9ead
31e19dd333f228cf500570de04d827a1c996ce9b6b50dc7308e222fdf3c368e8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "31E19DD333F228CF500570DE04D827A1C996CE9B6B50DC7308E222FDF3C368E8"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19170
Expires: Sun, 29 Jan 2023 19:06:20 GMT
Date: Sun, 29 Jan 2023 13:46:50 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6c69d6d1e89e40e43f1230a59561232
cd6123e0f4cd308f8bddb34bc127ff1c22da9ead
31e19dd333f228cf500570de04d827a1c996ce9b6b50dc7308e222fdf3c368e8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "31E19DD333F228CF500570DE04D827A1C996CE9B6B50DC7308E222FDF3C368E8"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19170
Expires: Sun, 29 Jan 2023 19:06:20 GMT
Date: Sun, 29 Jan 2023 13:46:50 GMT
Connection: keep-alive
ulmoyc.com/fp.js?d=l7e38.czgovd.com
172.67.197.128 200 OK 0 B URL HTTP/2 ulmoyc.com/fp.js?d=l7e38.czgovd.com
IP 172.67.197.128:0
GET /fp.js?d=l7e38.czgovd.com HTTP/1.1
Host: ulmoyc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://l7e38.czgovd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 13:46:46 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
max-age: 0
access-control-allow-origin: https://l7e38.czgovd.com
x-zone: eu
last-modified: Sun, 29 Jan 2023 13:46:46 GMT
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rcOcZ6qBEJVfE7xFCr4uXHzq3Rc%2F3jLiJqf7Iv9ilcOonh2BUZpX8wDs%2Bn%2FPoRgUqCgoMbZMwwkt%2FLB5Oq3iqjnpu1J%2FkD6yEwa5LGiQH2FL8ZSxnKh1hWpQp%2B10"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79126a7a3811b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
okh4s.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=9
185.56.234.205 200 OK 0 B URL HTTP/2 okh4s.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=9
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=9 HTTP/1.1
Host: okh4s.czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fcksh.czgovd.com/
Cookie: truniq=1; ufp2=fc092fee0e63e001279034ceac86fc7707dbaa05
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:49 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu3
content-encoding: gzip
X-Firefox-Spdy: h2
bndmt.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=4
185.56.234.205 200 OK 0 B URL HTTP/2 bndmt.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=4
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=4 HTTP/1.1
Host: bndmt.czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://p8u56.czgovd.com/
Cookie: truniq=1; ufp2=fc092fee0e63e001279034ceac86fc7707dbaa05
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu4
content-encoding: gzip
X-Firefox-Spdy: h2
czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA
185.56.234.205 200 OK 0 B URL HTTP/2 czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA HTTP/1.1
Host: czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://1writtedr.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:46 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: truniq=1; expires=Mon, 30-Jan-2023 13:46:46 GMT; Max-Age=86400; path=/; domain=czgovd.com
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
l7e38.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=1
185.56.234.205 200 OK 0 B URL HTTP/2 l7e38.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=1
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=1 HTTP/1.1
Host: l7e38.czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://czgovd.com/
Cookie: truniq=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:46 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2
8mec1.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=2
185.56.234.205 200 OK 0 B URL HTTP/2 8mec1.czgovd.com/bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=2
IP 185.56.234.205:0
ASN #39572 DataWeb Global Group B.V.
GET /bot-check?h=waWQiOjExMzg3NTksInNpZCI6MTE3Nzc4MCwid2lkIjo0MDc1NTcsInNyYyI6Mn0=eyJ&si1=342222&clickid=AMV41mPOOAUAWFcCAE5PFwAMACouEMIA&a_tb=http%3A%2F%2F9kbkfsf99.monster%2Fb%3Ftoken%3D56cd0d3d19ccdf64e68a5f8a5c02d7bb73592943%26c%3DAMV41mPOOAUAWFcCAE5PFwAMACouEMIA&i=2 HTTP/1.1
Host: 8mec1.czgovd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://l7e38.czgovd.com/
Cookie: truniq=1; ufp2=fc092fee0e63e001279034ceac86fc7707dbaa05
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.21.1
date: Sun, 29 Jan 2023 13:46:46 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu4
content-encoding: gzip
X-Firefox-Spdy: h2
n33d0nem0re.com/ptb/AMV41mPOOAUAWFcCAE5PFwAMACouEMIA
188.72.236.136 200 OK 0 B URL HTTP/2 n33d0nem0re.com/ptb/AMV41mPOOAUAWFcCAE5PFwAMACouEMIA
IP 188.72.236.136:0
Analyzer Verdict Alert fortinet Malware
GET /ptb/AMV41mPOOAUAWFcCAE5PFwAMACouEMIA HTTP/1.1
Host: n33d0nem0re.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://okh4s.czgovd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 13:46:49 GMT
content-type: text/html; charset=utf-8
set-cookie: bd_context=2EVlh5hpAUuWSnQgEdcnJN0VxqsSNpYJFf0FevXD8cvwqhpwKrm13GfjG6AurlEOf5vbRJwEx1lpiU4gtv0M+aZdqKiXZUIDMsiSxIyvX+c2x42t/FWboDMjqOt6vE41kiUkScBWRJ4SSioN9zMNCCNJxDCTpE5F7oYw7hILYm1a4KDLXddtp3D2wL1vLGGHSYxW0QDnPcH6yqOZXbg6PTwycZhjDu/ngmT56sG474QLy+O+B+YpZLWr6Gb700nzWzSZLSePxsleiYRN9dBixBiWC84uyMSONbhtDZIOaXUy8E4zuNDm/DhFMhEKg7bbbg9xDl7m5EiZs+mCj9GJfntE; Expires=Mon, 29 Jan 2024 13:46:50 GMT
X-Firefox-Spdy: h2
tradeinfo35.com/file.zip?c=AMp41mPOOAUA_koCAE5PFwAMAEITRpcA
188.114.97.1 200 OK 0 B URL HTTP/2 tradeinfo35.com/file.zip?c=AMp41mPOOAUA_koCAE5PFwAMAEITRpcA
IP 188.114.97.1:0
GET /file.zip?c=AMp41mPOOAUA_koCAE5PFwAMAEITRpcA HTTP/1.1
Host: tradeinfo35.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://n33d0nem0re.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 13:46:50 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.1.2
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Sun, 29 Jan 2023 13:46:50 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LmoH8TgxPoNCGQD0dHTpuBjhjyKyAGRAahdMJzd%2B8J04NHsnAuEiJaHNPAMULGIz5YzTvJZCiAO1n6%2BcHi%2F3cF0kV0Xqw3SVBj7UkN6qu3S%2BC%2FuT48syYuKa16Kw79dSrRw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79126a8fbda2b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
flymylife.info/push.js?b=40
188.114.96.1 200 OK 0 B URL HTTP/2 flymylife.info/push.js?b=40
IP 188.114.96.1:0
GET /push.js?b=40 HTTP/1.1
Host: flymylife.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tradeinfo35.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 13:46:50 GMT
content-type: application/javascript
last-modified: Wed, 04 Jan 2023 23:57:46 GMT
etag: W/"63b6127a-5953"
cache-control: max-age=14400
cf-cache-status: HIT
age: 561
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GoqgllxUeEYKwA12hZ67pcrKvDfTsUbEnttiAdUqnUsDFUME8tTUODDqf0P0LBmHN%2FWjWx3mW6HRerGwp3lSlew40%2FiaG56NzsS7glvOh0d7pgae%2BAWWkO56mfExtzQH2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79126a917900b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2