wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]&cpc=[bid]
185.177.93.20 301 Moved Permanently 162 B URL HTTP/1.1 wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]&cpc=[bid]
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text
- HTML document text
- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]&cpc=[bid] HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 06:28:12 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]&cpc=[bid]
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19140
Expires: Wed, 25 Jan 2023 11:47:13 GMT
Date: Wed, 25 Jan 2023 06:28:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 04512fea22644dc0d22c3f3a665f6645
0e213646abfc6d9560ba562362fd9e9115be8354
124d9534f75506b8e8c7535ee7295ac4e6cf5a8249a0edac6940839e56043181
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "124D9534F75506B8E8C7535EE7295AC4E6CF5A8249A0EDAC6940839E56043181"
Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11013
Expires: Wed, 25 Jan 2023 09:31:46 GMT
Date: Wed, 25 Jan 2023 06:28:13 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data
- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 25 Jan 2023 05:42:47 GMT
content-type: application/json
age: 2726
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6cd4f1da1215c7473500807c185f2449
b14db0c67cf1f5faf85648ed8f94baf2dd03808b
9750518efd869da5ff74ba65a196445bd4340c909157cc1a420f62c1d07224a0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9750518EFD869DA5FF74BA65A196445BD4340C909157CC1A420F62C1D07224A0"
Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7473
Expires: Wed, 25 Jan 2023 08:32:46 GMT
Date: Wed, 25 Jan 2023 06:28:13 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate
- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SKQ03Ikgbu3tFnNeNuo3xCuaE/G04B0VvK02hS3fT0E8uL+Kw958gDWZ95PfKjAg8ftC0PzpqNA=
x-amz-request-id: BEKNNYSC04VNBPYA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 25 Jan 2023 05:48:27 GMT
age: 2386
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data
- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:13 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a6fd1a67c6a2707e9f649a14006497d3
1548e9cc2062c8c717aa908dc5188f4316ac656d
7d6471244ba0ff602aa66f22dae72a3dc1d4638199aa76878dfe9576999f37a4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D6471244BA0FF602AA66F22DAE72A3DC1D4638199AA76878DFE9576999F37A4"
Last-Modified: Tue, 24 Jan 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21553
Expires: Wed, 25 Jan 2023 12:27:26 GMT
Date: Wed, 25 Jan 2023 06:28:13 GMT
Connection: keep-alive
wheatocapha.tk/we8cb5684.js
185.177.93.20 200 OK 54 B URL HTTP/2 wheatocapha.tk/we8cb5684.js
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 57179ceb959bc164fdbc1be95c74a37b
2318036597ac83128772316581b0bfb071b38444
a579cbb078016e375a53963c635ec2f4754103ba4d17a4e10988ce60cd5c2bf0
GET /we8cb5684.js HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 54
last-modified: Wed, 07 Sep 2022 09:51:53 GMT
etag: "631869b9-36"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
wheatocapha.tk/20/img/hd.png
185.177.93.20 404 Not Found 146 B URL HTTP/2 wheatocapha.tk/20/img/hd.png
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text
- HTML document text
- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /20/img/hd.png HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]&cpc=[bid]
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 25 Jan 2023 06:28:12 GMT
content-type: text/html; charset=utf-8
content-length: 146
X-Firefox-Spdy: h2
wheatocapha.tk/20/img/stars-5.png
185.177.93.20 404 Not Found 146 B URL HTTP/2 wheatocapha.tk/20/img/stars-5.png
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text
- HTML document text
- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /20/img/stars-5.png HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]&cpc=[bid]
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 25 Jan 2023 06:28:12 GMT
content-type: text/html; charset=utf-8
content-length: 146
X-Firefox-Spdy: h2
wheatocapha.tk/20/img/stars-4.png
185.177.93.20 404 Not Found 146 B URL HTTP/2 wheatocapha.tk/20/img/stars-4.png
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text
- HTML document text
- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /20/img/stars-4.png HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]&cpc=[bid]
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 25 Jan 2023 06:28:12 GMT
content-type: text/html; charset=utf-8
content-length: 146
X-Firefox-Spdy: h2
wheatocapha.tk/favicon.ico
185.177.93.20 204 No Content 0 B URL HTTP/2 wheatocapha.tk/favicon.ico
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]&cpc=[bid]
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 25 Jan 2023 06:28:12 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data
- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 25 Jan 2023 05:50:27 GMT
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
age: 2266
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c398b6b39d11d25b8ae9bc5cd94a1c98
640aa8c399ced71d0c2a9f5a90fbaf091b01d642
a6f07f7c6a4746acc25457c726701df33120628dfb578bc4982448d8efee5855
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6F07F7C6A4746ACC25457C726701DF33120628DFB578BC4982448D8EFEE5855"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5887
Expires: Wed, 25 Jan 2023 08:06:20 GMT
Date: Wed, 25 Jan 2023 06:28:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b8aa68940b3dac4b4562f01d39e4fdd0
6c9c94c25cd79a9ca8eb80d92b3e7c5cfabc984b
efea0c86610fb0e19ce067acdbec2afd4509be1236ddbec5c6873fa332adf713
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EFEA0C86610FB0E19CE067ACDBEC2AFD4509BE1236DDBEC5C6873FA332ADF713"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12289
Expires: Wed, 25 Jan 2023 09:53:02 GMT
Date: Wed, 25 Jan 2023 06:28:13 GMT
Connection: keep-alive
push.services.mozilla.com/
52.12.59.47 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.12.59.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: k7ghZRt4DSECIBdH/1/Uww==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: C6BPQgH1RwyhFmAskmUITRvne7E=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 31fc992e6e24caebaf23b486b8719ad7
3d6d1df1162d1241dff6e8400726374d40a0938a
2173121a21ab7f8a148e489985accbe254ffb5b1839c658f7495f377bf1c0470
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2173121A21AB7F8A148E489985ACCBE254FFB5B1839C658F7495F377BF1C0470"
Last-Modified: Wed, 25 Jan 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21558
Expires: Wed, 25 Jan 2023 12:27:32 GMT
Date: Wed, 25 Jan 2023 06:28:14 GMT
Connection: keep-alive
0.wheatocapha.tk/we8cb5684.js
185.177.93.20 200 OK 54 B URL HTTP/2 0.wheatocapha.tk/we8cb5684.js
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 57179ceb959bc164fdbc1be95c74a37b
2318036597ac83128772316581b0bfb071b38444
a579cbb078016e375a53963c635ec2f4754103ba4d17a4e10988ce60cd5c2bf0
GET /we8cb5684.js HTTP/1.1
Host: 0.wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8; uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 54
last-modified: Wed, 07 Sep 2022 09:51:53 GMT
etag: "631869b9-36"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
1.wheatocapha.tk/we8cb5684.js
185.177.93.20 200 OK 54 B URL HTTP/2 1.wheatocapha.tk/we8cb5684.js
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 57179ceb959bc164fdbc1be95c74a37b
2318036597ac83128772316581b0bfb071b38444
a579cbb078016e375a53963c635ec2f4754103ba4d17a4e10988ce60cd5c2bf0
GET /we8cb5684.js HTTP/1.1
Host: 1.wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8; uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 54
last-modified: Wed, 07 Sep 2022 09:51:53 GMT
etag: "631869b9-36"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d5528af26e629a9bfbf0c421146b921f
1e4f99245d551384bedfe9b59b5f9905127d87bf
989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14411
Expires: Wed, 25 Jan 2023 10:28:26 GMT
Date: Wed, 25 Jan 2023 06:28:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d5528af26e629a9bfbf0c421146b921f
1e4f99245d551384bedfe9b59b5f9905127d87bf
989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14411
Expires: Wed, 25 Jan 2023 10:28:26 GMT
Date: Wed, 25 Jan 2023 06:28:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d5528af26e629a9bfbf0c421146b921f
1e4f99245d551384bedfe9b59b5f9905127d87bf
989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14411
Expires: Wed, 25 Jan 2023 10:28:26 GMT
Date: Wed, 25 Jan 2023 06:28:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d5528af26e629a9bfbf0c421146b921f
1e4f99245d551384bedfe9b59b5f9905127d87bf
989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14411
Expires: Wed, 25 Jan 2023 10:28:26 GMT
Date: Wed, 25 Jan 2023 06:28:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d5528af26e629a9bfbf0c421146b921f
1e4f99245d551384bedfe9b59b5f9905127d87bf
989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14411
Expires: Wed, 25 Jan 2023 10:28:26 GMT
Date: Wed, 25 Jan 2023 06:28:15 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07f8fda5-486e-4c4b-82f2-d763219f4562.jpeg
34.120.237.76 200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07f8fda5-486e-4c4b-82f2-d763219f4562.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash 6fa8338e574e2b8272ad3ca7cd9d1d63
298cafecdcac99de25fe5c2c4c993487f73ced6b
f75c20ebc4c0db2df40d958337cd87768714bdf53a48609ad0f97b7129b0b100
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07f8fda5-486e-4c4b-82f2-d763219f4562.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6715
x-amzn-requestid: c808c9d9-bbbb-43ff-ab15-33074a760093
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e4BO5En_oAMFTzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c648c5-67151eb46f5a10b0732fbd09;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 07:05:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0pvebF903zoRPgzBK2gxMlcYQTurylOzzCfOO07hYCG5aD7wX_fl9g==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 19:26:10 GMT
age: 39725
etag: "298cafecdcac99de25fe5c2c4c993487f73ced6b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c2ede8d-ac50-4d79-98d8-53ba683ea9fe.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c2ede8d-ac50-4d79-98d8-53ba683ea9fe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash 03ba93e6c29fb268712e33228fa5ee38
2528a659d067ce39b31d5d8a0a9943e313a4caa6
2a3dfcbafd31bfc0cc653f9f43cfa98206334551b8ab76e9ab6d20338c8d6e1c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c2ede8d-ac50-4d79-98d8-53ba683ea9fe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9864
x-amzn-requestid: dd368937-de20-4e2a-82e3-e82bc20a806c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e4AtgGu3oAMFaoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c647ef-7efe789a5411c14a74ec327a;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 07:02:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: MDBCOwO8k543vmWo7ROvYyqyzju9iJIyGZvMpzHv7VqIoats0p3Nxg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 10:10:42 GMT
age: 73053
etag: "2528a659d067ce39b31d5d8a0a9943e313a4caa6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f7aba17-803f-412c-8ef7-0959b52f87cc.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f7aba17-803f-412c-8ef7-0959b52f87cc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
- data
Hash 13891ffe8a0cc240be63b7945e4b7688
958b50e9e7e5e02882d55612a5d6d2402e225390
1570d69731ba13051454a048ac85bde7c1de8e39dea0fd78e7e5c3f2be122cb6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f7aba17-803f-412c-8ef7-0959b52f87cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9650
x-amzn-requestid: 3b968ee5-c941-4305-9f06-01e646deef15
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fH88wEUmoAMFerw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cca851-061f65177f36420a4685f372;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 03:06:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xfiiS5M5j8iYKMyopaVqwYV6KKB1VIWT_yQbEKZ9G1wuq2QUEyDBpA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 03:16:15 GMT
age: 11520
etag: "958b50e9e7e5e02882d55612a5d6d2402e225390"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
report2.biz/img/vi.mp4
188.114.98.234206 Partial Content 136 kB IP 188.114.98.234:0
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size 136 kB (136355 bytes)
Hash ec60cf3d5686df390e1ed5fe28530811
f7fcba2588a2aa277255d779fe8aa61630a66fe0
e1e47686631f7dde607bc1bdb75f611b1a132392d38a739453787166511fe701
GET /img/vi.mp4 HTTP/1.1
Host: report2.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://0.wheatocapha.tk/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: video/mp4
content-length: 1386253
last-modified: Thu, 12 Mar 2020 14:24:15 GMT
etag: "5e6a460f-15270d"
cache-control: max-age=16070400
cf-cache-status: HIT
content-range: bytes 0-1386252/1386253
server: cloudflare
cf-ray: 78eef2988cf2b515-OSL
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg
34.120.237.76200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 805711aaab303931f8966bbf73aeda52
2bd02a45c8b407e36a41a482b121ea3e14f7c722
66268668c1a970268d75beb1b57f66a759bedac76958a3359cb23104de40fbeb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3411
x-amzn-requestid: 62afd364-e94f-45ff-ba6c-9b589fc53e5f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-EyCEzrIAMFb8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8b4d9-203f51040f82f12d535446c4;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 03:11:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3Ke5d5WguVrF_Phnhu9ojzN5Md0VkYnFfxKNoh5HHrmHwPI90IAIdA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 04:49:46 GMT
age: 5909
etag: "2bd02a45c8b407e36a41a482b121ea3e14f7c722"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2972ed07-7fe0-4c0a-99f8-993c3f6e55c2.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2972ed07-7fe0-4c0a-99f8-993c3f6e55c2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a625c16030b935ba09ec63cb2d6e1525
1a1ebddb1ee9cf3c2445d29a85127134a0a5db01
ab6dd4aec486677bd68826e4f01dd36b005d46d521611dc271406a57a64ac615
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2972ed07-7fe0-4c0a-99f8-993c3f6e55c2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4831
x-amzn-requestid: 585cf8dd-27e2-4f57-964c-9f5c5975cd30
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fKmd9Gh8oAMF25Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdb78c-474af4932439a7b75e55031b;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 22:24:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0eET1YmQZzrOOhm_z29dbcFRLkupqzuzv3EHSsVMHzu_yqxZfsqcog==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 10:50:42 GMT
age: 70653
etag: "1a1ebddb1ee9cf3c2445d29a85127134a0a5db01"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
2.wheatocapha.tk/we8cb5684.js
185.177.93.20200 OK 54 B URL HTTP/2 2.wheatocapha.tk/we8cb5684.js
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 57179ceb959bc164fdbc1be95c74a37b
2318036597ac83128772316581b0bfb071b38444
a579cbb078016e375a53963c635ec2f4754103ba4d17a4e10988ce60cd5c2bf0
GET /we8cb5684.js HTTP/1.1
Host: 2.wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8; uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 54
last-modified: Wed, 07 Sep 2022 09:51:53 GMT
etag: "631869b9-36"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
wheatocapha.tk/img/18/logo.png
185.177.93.20200 OK 7.2 kB URL HTTP/2 wheatocapha.tk/img/18/logo.png
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 298 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fa0c2649b56a64bf24ec059fd49b982
802c9d794cc845927439ce8a3077975199015ebb
a513d2e457125cd443461746199793cd61f2e4511a9acfcda504f70b5000c774
GET /img/18/logo.png HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: image/png
content-length: 7171
last-modified: Tue, 25 Feb 2020 07:15:00 GMT
etag: "5e54c974-1c03"
expires: Fri, 24 Feb 2023 06:28:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
wheatocapha.tk/img/18/burger.png
185.177.93.20200 OK 295 B URL HTTP/2 wheatocapha.tk/img/18/burger.png
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 56 x 50, 8-bit gray+alpha, non-interlaced\012- data
Hash fdea660170d6a7330b24d167c2c3d1d6
c95db01c09abcd2c3b3375ea2baa1443d1473af0
415ba400194f72a1511c8cd22b4bfe13acfeebbf3e9ff958d1e39cbb738d07c8
GET /img/18/burger.png HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: image/png
content-length: 295
last-modified: Tue, 25 Feb 2020 07:15:00 GMT
etag: "5e54c974-127"
expires: Fri, 24 Feb 2023 06:28:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
wheatocapha.tk/img/18/search-icon.png
185.177.93.20200 OK 516 B URL HTTP/2 wheatocapha.tk/img/18/search-icon.png
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 56 x 50, 8-bit gray+alpha, non-interlaced\012- data
Hash 34123928575ef4cf3df12db2fa095e99
8d5873549768bcbf278e04c6baf6404c2971b07b
0ff5216f552496405eca9c9449f77dd8a913bce909fa9ae8662cb85969f96272
GET /img/18/search-icon.png HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: image/png
content-length: 516
last-modified: Tue, 25 Feb 2020 07:15:00 GMT
etag: "5e54c974-204"
expires: Fri, 24 Feb 2023 06:28:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
wheatocapha.tk/img/18/btn-icon.png
185.177.93.20200 OK 395 B URL HTTP/2 wheatocapha.tk/img/18/btn-icon.png
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 52 x 56, 8-bit gray+alpha, non-interlaced\012- data
Hash 06f18f63c3036edde4e88c1d5f200104
33c1e2780dc0a6f595afc2d87ed438ccb3d8922b
005e42b95bb1fef26b792467deeba4e0aeadc51bb9726d20dc301c1c80d99d2d
GET /img/18/btn-icon.png HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: image/png
content-length: 395
last-modified: Tue, 25 Feb 2020 07:15:00 GMT
etag: "5e54c974-18b"
expires: Fri, 24 Feb 2023 06:28:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
wheatocapha.tk/img/18/player-ui-l.png
185.177.93.20200 OK 663 B URL HTTP/2 wheatocapha.tk/img/18/player-ui-l.png
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 144 x 100, 8-bit gray+alpha, non-interlaced\012- data
Hash 5159265d4e4ecc1bfa2e8b028fc0534d
443e7f825760d81906a5c1a4ca660e0385b435fe
46a01582282a1e9326a84e445ba3da470e059b5d091d326e45271b698d6d62a1
GET /img/18/player-ui-l.png HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: image/png
content-length: 663
last-modified: Tue, 25 Feb 2020 07:15:00 GMT
etag: "5e54c974-297"
expires: Fri, 24 Feb 2023 06:28:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
wheatocapha.tk/img/18/player-ui-r.png
185.177.93.20200 OK 1.1 kB URL HTTP/2 wheatocapha.tk/img/18/player-ui-r.png
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 226 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 74174fa53d52a184fa0a586f988f0d94
6fc2f64667c7cfabd7ae7a2409d20de7a501d9a3
4e0fbe743a42b8a641daec0745e3a80e22ed9df424b7e0e0c852ba27b9b409d3
GET /img/18/player-ui-r.png HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: image/png
content-length: 1118
last-modified: Tue, 25 Feb 2020 07:15:00 GMT
etag: "5e54c974-45e"
expires: Fri, 24 Feb 2023 06:28:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
wheatocapha.tk/img/18/views.png
185.177.93.20200 OK 461 B URL HTTP/2 wheatocapha.tk/img/18/views.png
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 32 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 0ad8de150ced2f4ab8828c02c23ab95c
b7620db8dc0ef0075c79de9c0f3409d292413b80
efb233df0a528dd04d7b9725ad679738f043478ced654fe0e9a9b59b205d447b
GET /img/18/views.png HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: image/png
content-length: 461
last-modified: Tue, 25 Feb 2020 07:15:00 GMT
etag: "5e54c974-1cd"
expires: Fri, 24 Feb 2023 06:28:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
wheatocapha.tk/img/18/stars.png
185.177.93.20200 OK 589 B URL HTTP/2 wheatocapha.tk/img/18/stars.png
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 169 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 586e70ae8cf2f823dc7876917d90be92
33d61043ae53a9377ad37bfd5b84c73f770c4105
894bcd381abf4e10bbbe8802a7c52396d8b6b73cdf9d2837caf8f6a0d7aea707
GET /img/18/stars.png HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: image/png
content-length: 589
last-modified: Tue, 25 Feb 2020 07:16:00 GMT
etag: "5e54c9b0-24d"
expires: Fri, 24 Feb 2023 06:28:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
wheatocapha.tk/img/18/pics-1.jpg
185.177.93.20200 OK 9.4 kB URL HTTP/2 wheatocapha.tk/img/18/pics-1.jpg
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data\012- data
Hash 0fdbe8ac7fda89d3ed4d0845d4f86384
b14ff199e53771631d302442b22ecdd1867c88e4
733eb3487f5a82cdb71eda01d36247bf57ad107ee3be967d6561fa7f2f78664e
GET /img/18/pics-1.jpg HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: image/jpeg
content-length: 9415
last-modified: Tue, 25 Feb 2020 07:16:00 GMT
etag: "5e54c9b0-24c7"
expires: Fri, 24 Feb 2023 06:28:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
wheatocapha.tk/img/18/pics-2.jpg
185.177.93.20200 OK 6.0 kB URL HTTP/2 wheatocapha.tk/img/18/pics-2.jpg
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data\012- data
Hash 7ca024e2ee360dee3a5ed409d8694295
55ac5fb299e34092ec8323e8f32cba0f33fd4105
0e6b67b963746ceeb4785fe5041806aca4d98a6fce7a2585240d25e32b5fe999
GET /img/18/pics-2.jpg HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: image/jpeg
content-length: 5972
last-modified: Tue, 25 Feb 2020 07:16:00 GMT
etag: "5e54c9b0-1754"
expires: Fri, 24 Feb 2023 06:28:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
wheatocapha.tk/img/18/pics-3.jpg
185.177.93.20200 OK 9.2 kB URL HTTP/2 wheatocapha.tk/img/18/pics-3.jpg
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data\012- data
Hash 5f69e27fa1a7f979ca9e375da09d24dc
22699243d1b2bb1da09e8db42cb4f7cdccb71820
d775a68996acfd4e425c30b5ecb82549361b9f18fadea8509c312b4f420d3634
GET /img/18/pics-3.jpg HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: image/jpeg
content-length: 9158
last-modified: Tue, 25 Feb 2020 07:16:00 GMT
etag: "5e54c9b0-23c6"
expires: Fri, 24 Feb 2023 06:28:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
wheatocapha.tk/img/18/pics-4.jpg
185.177.93.20200 OK 9.7 kB URL HTTP/2 wheatocapha.tk/img/18/pics-4.jpg
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data\012- data
Hash bb74abbad9688a711d5c26b38a9836e3
8bec5939654c02d7b800c66547e1aa778c2d438c
3fb9e79f5a0a5fe0f0d466b9d715562c6abeed5b2b32dc4b9673b80494137dbe
GET /img/18/pics-4.jpg HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: image/jpeg
content-length: 9707
last-modified: Tue, 25 Feb 2020 07:16:00 GMT
etag: "5e54c9b0-25eb"
expires: Fri, 24 Feb 2023 06:28:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
accept-ranges: bytes
X-Firefox-Spdy: h2
2.wheatocapha.tk/favicon.ico
185.177.93.20204 No Content 0 B URL HTTP/2 2.wheatocapha.tk/favicon.ico
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 2.wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8; uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
3.wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]
185.177.93.20200 OK 33 kB URL HTTP/2 3.wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7732)
Hash bad749017ff3d8f2d588be9ecf368de6
33deb0663ca8ce304a87ec96bc12e741aab54be9
d73a919dccdad2d9c95eb8705ad667605383bc0b5e76cea068c11ed95a2f085f
GET /?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier] HTTP/1.1
Host: 3.wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:15 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8; expires=Fri, 24-Feb-2023 06:28:16 GMT; Max-Age=2592000; path=/; domain=3.wheatocapha.tk
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
3.wheatocapha.tk/favicon.ico
185.177.93.20204 No Content 0 B URL HTTP/2 3.wheatocapha.tk/favicon.ico
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 3.wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8; uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 25 Jan 2023 06:28:15 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash fba2423b1340ba0eaf1a52d6f6297338
4eee20da66dac7a2b0927d7af10df78c8fc9b356
5679a55faa3e7e2626d124a9fafbf520ff42ff7562c6efcb7750c4ae9815b60a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 06:28:16 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 24 Jan 2023 20:16:37 GMT
Expires: Tue, 31 Jan 2023 20:16:36 GMT
Etag: "4eee20da66dac7a2b0927d7af10df78c8fc9b356"
Cache-Control: max-age=567499,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78eef2a48b4a1c0a-OSL
llnnwl.ads4trk.com/c/f873e21c6d26c964?bid={{bid}}&browser=[browser]&category=[category]&siteid=[siteid]&carrier=[carrier]
52.17.88.125302 Found 293 B URL HTTP/2 llnnwl.ads4trk.com/c/f873e21c6d26c964?bid={{bid}}&browser=[browser]&category=[category]&siteid=[siteid]&carrier=[carrier]
IP 52.17.88.125:0
File type HTML document, ASCII text
Hash a14504a905cd34a1cf9bd545d4033775
6deba9467cc04041d92c86884a6a95c1b45b5df2
d11cbb4e9a84b78089a8128f01d9629a8dac4ab18e914cd0398add849414ca6e
GET /c/f873e21c6d26c964?bid={{bid}}&browser=[browser]&category=[category]&siteid=[siteid]&carrier=[carrier] HTTP/1.1
Host: llnnwl.ads4trk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.wheatocapha.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 25 Jan 2023 06:28:16 GMT
content-type: text/html; charset=utf-8
content-length: 293
location: https://vzdakg.palatlaldate.net?browser=%5Bbrowser%5D&carrier=%5Bcarrier%5D&category=%5Bcategory%5D&click_id=uviou63d0cc000007fd49&j1=1&s1=165722&s2=1711633&s3=[siteid]&s5=[category]&siteid=%5Bsiteid%5D&utm_source=da57dc555e50572d
set-cookie: unique_id=63d0cc0000038a01; Path=/; Expires=Sun, 26 Mar 2023 06:28:16 GMT; Secure; SameSite=None
unique_id2=63d0cc000003923f; Path=/; Expires=Tue, 25 Apr 2023 06:28:16 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Wed, 25 Jan 2023 06:28:16 GMT; Secure; SameSite=None
tid=uviou63d0cc000007fd49; Path=/; Expires=Thu, 30 Dec 2027 06:28:16 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2217c728940406bf5c0ac6e5b02b1d38
5f141a35646ffc28132be0718529179541ac82e9
301c5f76f0711fd72571f227d7732e1883ddf68c47b5c5c3a1a9ee002a51d2c7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "301C5F76F0711FD72571F227D7732E1883DDF68C47B5C5C3A1A9EE002A51D2C7"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4218
Expires: Wed, 25 Jan 2023 07:38:35 GMT
Date: Wed, 25 Jan 2023 06:28:17 GMT
Connection: keep-alive
cdn-dimi.akamaized.net/landings/277386/1674482702/css/popup.css?1674482703
184.31.15.107200 OK 635 B URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/css/popup.css?1674482703
IP 184.31.15.107:0
ASN #20940 Akamai International B.V.
File type assembler source, ASCII text
Hash 4ed05a608a8ec589e8aa5b040f7bb878
c58649a707ba64aed8b285d3be9f6b06a85ea6cb
bcc5d06c7b102eed1477b062020dc4414e4f6c4f9e390e3e67fa675a5f0fa363
GET /landings/277386/1674482702/css/popup.css?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: ttvWjm4urX8HH2UVAT6EZ/02nRcFLf8IRwFm4tXkypT2dGuR4lPDtmJJ9BMEJnFkncKLbuRh52Y=
x-amz-request-id: G5V7NZJNWPKNH6BK
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "5a61d45142ce5764a2b36dc75343fcd5"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 25 Jan 2023 06:28:17 GMT
Content-Length: 635
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/js/vegas.js?1674482703
184.31.15.107200 OK 3.4 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/js/vegas.js?1674482703
IP 184.31.15.107:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (11568), with CRLF line terminators
Hash 156c4046496d16408b06eb605ce1ab09
0dde2c6bbb3cf64132989866bdc1161be62474e3
657aac4fd9cd122e452b9da290c486d115af6b8fe8d409f39ab1d1d3dff44144
GET /landings/277386/1674482702/js/vegas.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: oi5yJT4Kgm1yAV21C/1qTyVqsi8cVmL9q9vzytjhZRI9BrXn+TlUdM6LQIBMr9RsYwsxo/ieHEY=
x-amz-request-id: G5VDW6C1EPHMD45H
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "9acc66fdf18dea05bd75165eb5a96259"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 25 Jan 2023 06:28:17 GMT
Content-Length: 3401
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/css/style.css?1674482703
184.31.15.107200 OK 3.0 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/css/style.css?1674482703
IP 184.31.15.107:0
ASN #20940 Akamai International B.V.
Hash 7b6cd1158523786c5e8ff92fa27acb8c
dc556e71d4138225f0a8f529d680794fe6d7c082
53dafd93c9ad7ffdf9b187663144875e7a21c4edfa1e72aec51d360293724b06
GET /landings/277386/1674482702/css/style.css?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: pxobBlk/fHQcK6ixIXLob0FQAj+xTD+4QG3HGHOf+Akla4N9rjCSmCmAtxZk4umLNGYfFhSb1W4=
x-amz-request-id: FRK09PPNJ46GTYT8
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "c0e91ee9eeac065a145dea1b96ebfd1e"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 25 Jan 2023 06:28:17 GMT
Content-Length: 2985
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703
184.31.15.107200 OK 10 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/js/translates.js?1674482703
IP 184.31.15.107:0
ASN #20940 Akamai International B.V.
Hash f54e5331f7d782d475a884cce1db33fd
d5145e3ebcab1a21d4cdff8632c9901db93b962f
73c4aa8abb0450fbb7eef37c3afc3d6f11f0c2bc3f0a101323364b59298e4e2f
GET /landings/277386/1674482702/js/translates.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: GdY854/pQVuf0Bhf5kCKNWnQaJx0Dac8TTWyj1bDDdMCYTk31wKu8gebgltbQmsnDGMdWzP7feg=
x-amz-request-id: G5V1X75VPMQ2Y3J8
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "07cee83d1be10af1ca991d1c60abd6e2"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 25 Jan 2023 06:28:17 GMT
Content-Length: 10048
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703
184.31.15.107200 OK 688 B URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/js/function.js?1674482703
IP 184.31.15.107:0
ASN #20940 Akamai International B.V.
Hash ba7deda1bcbc1e2d5c127678e05b71a1
4707fef7ab43a522b3cf7f5c0db4c148c5a43701
303187afb2cbbbf6095724df7eaf8c7967bb019dc17e1224d9e2366ac7f381c5
GET /landings/277386/1674482702/js/function.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: MtCZKvPPtT4E7QHUbtH7FAEexAfPV3N283ookGVJhyGNlWUV0s3p/6Mo4ePHwUknaXyO0kwahOQ=
x-amz-request-id: G5VCR696NRYFVA2S
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "5da2c51949f2a873bf0091a104658e72"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 25 Jan 2023 06:28:17 GMT
Content-Length: 688
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703
184.31.15.107200 OK 30 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703
IP 184.31.15.107:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32065)
Hash 2fa28552f1ee4e1382ee43930b53afb8
803670da6a35378bf4eb73acc8e72fe4feb5ca30
ecfddf7d1e798dd2778c071bea24c70b650ef990fc09793fce25f2f094b35494
GET /landings/277386/1674482702/js/jquery-2.2.4.min.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 7fL27IWAzSCFbYLN4LrcdVQZFWCeJU/ATH8pk6Fe4rqXS+RuEkiyEFEYni8RZ8GM+ZsegxQTkkI=
x-amz-request-id: FRK901JCKS0DNV0D
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "2f6b11a7e914718e0290410e85366fe9"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 25 Jan 2023 06:28:17 GMT
Content-Length: 29855
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703
184.31.15.107200 OK 252 B URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/js/tn_pHash.js?1674482703
IP 184.31.15.107:0
ASN #20940 Akamai International B.V.
Hash 3544c08851825a863747a126548d6993
01882998e61b9f93d5f346386fa633f6b8d95b2d
9804b1c7443db74b2d7fe81cf11d84c8f0d9a7dee281b4fe8c15552bdc7eed69
GET /landings/277386/1674482702/js/tn_pHash.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: YWiSXPoLi5V5HETKxCPXUM/feOE282l19MOw8tQ74hh8DH3K4ePYJIlPH/Tb+zwMHKHJQ6owYHg=
x-amz-request-id: G5VB8KKRV55BPKT4
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "3544c08851825a863747a126548d6993"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Content-Length: 252
Date: Wed, 25 Jan 2023 06:28:17 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703
184.31.15.107200 OK 1.3 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/js/title_tanslate.js?1674482703
IP 184.31.15.107:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 0e212ad4454c941c45c2e57df42c2b4f
fe9d7c484c2c0d7a6475692ef984c53a06c95406
e950a9e5e696f39d02028b27a4cd82fab1b6fd07fa34a238d3a3f7f5e90d95c3
GET /landings/277386/1674482702/js/title_tanslate.js?1674482703 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: QMofpVlDkorW+VCul7gMinrelnZ2i/VL0P5X6shI7Q4OmMu5izVOk5HR3x43Iyk3Nz0g7kpqFzc=
x-amz-request-id: G5V3A08PS7YKM058
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "5f373fa5bf21c44b9ad23b70ef96e73d"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 25 Jan 2023 06:28:17 GMT
Content-Length: 1298
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1005c9e99dc8d4390861d6730c7a403b
0e3858ae26a1c01e0160e3b60e400bea202ebd05
4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 06:28:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1005c9e99dc8d4390861d6730c7a403b
0e3858ae26a1c01e0160e3b60e400bea202ebd05
4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 06:28:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo-white.png
184.31.15.107200 OK 9.5 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/logo-white.png
IP 184.31.15.107:0
ASN #20940 Akamai International B.V.
File type PNG image data, 300 x 124, 8-bit colormap, non-interlaced\012- data
Hash 27a8fdccc08741c52422bd4852f87c3a
b103730d95829f64c0746b97a85e0ada4f6c18a2
7afbc6f7cb728a9b4dfd7791a8207c60bdd255ea2f00ba12880bee15f7fbdff0
GET /landings/277386/1674482702/images/logo-white.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: AgIH9lPdrzw+86wUmYxdO1HCvHg5WlvKxbspwge1l+xe4GTOkIDhT6Honyqu0tUnyfbRZ9Rm8EE=
x-amz-request-id: A6E1EH4DNM7FGEKN
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "27a8fdccc08741c52422bd4852f87c3a"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 9461
Date: Wed, 25 Jan 2023 06:28:17 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/images/110010_2.jpg
184.31.15.107200 OK 29 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/110010_2.jpg
IP 184.31.15.107:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 682x388, components 3\012- data
Hash 2b8ac4e50a5bbbe4e6ea964bec7f3086
5486267315a7cd9eca01fa2fc6007060189c8b4f
8f700ae9dd68bd1130d528b77e1de92b4945e036060fdb01a02ccc148ab24ab3
GET /landings/277386/1674482702/images/110010_2.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: m4zRrbmAKvY3yNfJNqJYmYlF5//RTDUK2tE5KcTrB+bSL0yMrnoZS0Jqu20pZFazlGA+VyWxi8lFHhx9rlkdHA==
x-amz-request-id: V6PP13D12Z24WPXD
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "2b8ac4e50a5bbbe4e6ea964bec7f3086"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 29319
Date: Wed, 25 Jan 2023 06:28:17 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
vzdakg.palatlaldate.net/?browser=%5Bbrowser%5D&carrier=%5Bcarrier%5D&category=%5Bcategory%5D&click_id=uviou63d0cc000007fd49&j1=1&s1=165722&s2=1711633&s3=[siteid]&s5=[category]&siteid=%5Bsiteid%5D&utm_source=da57dc555e50572d
63.32.216.166200 OK 48 kB URL HTTP/2 vzdakg.palatlaldate.net/?browser=%5Bbrowser%5D&carrier=%5Bcarrier%5D&category=%5Bcategory%5D&click_id=uviou63d0cc000007fd49&j1=1&s1=165722&s2=1711633&s3=[siteid]&s5=[category]&siteid=%5Bsiteid%5D&utm_source=da57dc555e50572d
IP 63.32.216.166:0
Hash c3e970f55ef9fb77d12ea4a1df936cec
9eeeb2b8f6acca1c41c2087d22138a7f08020f79
905ee8508cbdcd7c28af15070bea864676bfedf088553ce957c5c222627c6388
GET /?browser=%5Bbrowser%5D&carrier=%5Bcarrier%5D&category=%5Bcategory%5D&click_id=uviou63d0cc000007fd49&j1=1&s1=165722&s2=1711633&s3=[siteid]&s5=[category]&siteid=%5Bsiteid%5D&utm_source=da57dc555e50572d HTTP/1.1
Host: vzdakg.palatlaldate.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3.wheatocapha.tk/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:17 GMT
content-type: text/html; charset=utf-8
set-cookie: unique_id=63d0b242000d885e; Path=/; Expires=Sun, 26 Mar 2023 06:28:17 GMT; Secure; SameSite=None
unique_id2=63d0702300069e81; Path=/; Expires=Tue, 25 Apr 2023 06:28:17 GMT; Secure; SameSite=None
63d0702300069e81_c=1; Path=/; Expires=Tue, 25 Apr 2023 06:28:17 GMT; Secure; SameSite=None
ref_token=16403_165722; Path=/; Expires=Fri, 24 Feb 2023 06:28:17 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Wed, 25 Jan 2023 06:28:17 GMT; Secure; SameSite=None
63d0702300069e81_sl=[277386]; Path=/; Expires=Wed, 08 Feb 2023 06:28:17 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.jpg
184.31.15.107200 OK 62 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.jpg
IP 184.31.15.107:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 900x1280, components 3\012- data
Hash 765620bf3d6dcdb5495b70409b6b4ba8
f4a00a38ca93130e5e0398deea0ba2f928e2172b
e0d65a21b743f7fe6de2f4bd57316546e7f30c7810740d68322a44dfe3004373
GET /landings/277386/1674482702/images/1.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: zuZX7Ok64yMD+VLD9hd0HHyBaMT+Akleikl6Ua5LnDLHR8R/dJKFYat/acHIi9jF5/AACH05uno=
x-amz-request-id: A6EFW8E24TXQC9EF
Last-Modified: Mon, 23 Jan 2023 14:05:06 GMT
ETag: "765620bf3d6dcdb5495b70409b6b4ba8"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 62164
Date: Wed, 25 Jan 2023 06:28:17 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1005c9e99dc8d4390861d6730c7a403b
0e3858ae26a1c01e0160e3b60e400bea202ebd05
4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 06:28:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn-dimi.akamaized.net/landings/277386/1674482702/images/favicon.png?t=20230125062817
184.31.15.107200 OK 4.1 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/favicon.png?t=20230125062817
IP 184.31.15.107:0
ASN #20940 Akamai International B.V.
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash 40a54c3ecf143b64096b063ff793fdbb
017eafffc5e55226a2aec0dd3c03f1b6130a6bab
39b439471019cb16f819e05166d23492593310fd55cce8471062d8f2dc5de423
GET /landings/277386/1674482702/images/favicon.png?t=20230125062817 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: YQanReiXiI7NZ23vPBby7IQJhYE2Cnz9Vh8SigrEHGPa1Pra3f9MNxA9NfPFdxLpBCathK/4Ga0=
x-amz-request-id: VYHMF5MPHTWA8S2H
Last-Modified: Mon, 23 Jan 2023 14:05:07 GMT
ETag: "40a54c3ecf143b64096b063ff793fdbb"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4093
Date: Wed, 25 Jan 2023 06:28:17 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
vzdakg.palatlaldate.net/ortb
63.32.216.166200 OK 29 B URL HTTP/2 vzdakg.palatlaldate.net/ortb
IP 63.32.216.166:0
File type JSON data\012- , ASCII text, with no line terminators
Hash c453d1e33844d14bbd7ec2846eb408f6
b934f52ed7fbed0cee5874cb0fcafdd1cb450fcd
2b159267580e469b4eed0aaf47253e353fdf727043d52d969bd85cbff7fd4a1a
Analyzer Verdict Alert fortinet Phishing
POST /ortb HTTP/1.1
Host: vzdakg.palatlaldate.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 348
Origin: https://vzdakg.palatlaldate.net
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/?s1=165722&s2=1711633&s3=[siteid]&s5=backuser&click_id=uviou63d0cc000007fd49&iexpp=1&j1=1&browser=%5Bbrowser%5D&carrier=%5Bcarrier%5D&category=%5Bcategory%5D&siteid=%5Bsiteid%5D&utm_source=da57dc555e50572d
Cookie: unique_id=63d0b242000d885e; unique_id2=63d0702300069e81; 63d0702300069e81_c=1; ref_token=16403_165722; impression=; 63d0702300069e81_sl=[277386]
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:17 GMT
content-type: text/plain; charset=utf-8
content-length: 29
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3e7fdf1ab4be9ee80518d0400683f0d3
dd2ec6511ba05e7fb89d32a1ad407db5eaa1520b
eb789178a0b528aad87a5bf0d05aecd45e7623ebaf198820f9310887757e1d5f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 06:28:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
vzdakg.palatlaldate.net/js/pushjs/1.0.0/subscriber.js
63.32.216.166200 OK 3.8 kB URL HTTP/2 vzdakg.palatlaldate.net/js/pushjs/1.0.0/subscriber.js
IP 63.32.216.166:0
Hash 0402aadfdd2a601124a64bed5fdcba11
43d312ca12d3f2799475bdaada3268ef8c9fe85e
ea65b19d1a73e3ec6d90447ec9878c82039104fe6a6e3b1758cb47ac60b99ad5
Analyzer Verdict Alert fortinet Phishing
GET /js/pushjs/1.0.0/subscriber.js HTTP/1.1
Host: vzdakg.palatlaldate.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/?s1=165722&s2=1711633&s3=[siteid]&s5=backuser&click_id=uviou63d0cc000007fd49&iexpp=1&j1=1&browser=%5Bbrowser%5D&carrier=%5Bcarrier%5D&category=%5Bcategory%5D&siteid=%5Bsiteid%5D&utm_source=da57dc555e50572d
Cookie: unique_id=63d0b242000d885e; unique_id2=63d0702300069e81; 63d0702300069e81_c=1; ref_token=16403_165722; impression=; 63d0702300069e81_sl=[277386]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:17 GMT
content-type: application/javascript
expires: Wed, 01 Feb 2023 06:28:17 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://vzdakg.palatlaldate.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 13:09:06 GMT
expires: Wed, 24 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 62351
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://vzdakg.palatlaldate.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 19:33:54 GMT
expires: Thu, 18 Jan 2024 19:33:54 GMT
cache-control: public, max-age=31536000
age: 557663
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 3e7fdf1ab4be9ee80518d0400683f0d3
dd2ec6511ba05e7fb89d32a1ad407db5eaa1520b
eb789178a0b528aad87a5bf0d05aecd45e7623ebaf198820f9310887757e1d5f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 06:28:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
vzdakg.palatlaldate.net/js/pushjs/1.0.0/utils.js
63.32.216.166200 OK 13 kB URL HTTP/2 vzdakg.palatlaldate.net/js/pushjs/1.0.0/utils.js
IP 63.32.216.166:0
File type C source, ASCII text, with very long lines (42618)
Hash 59fa3a07df5ed2405f419b06efe62d9d
811092c5025de5ed9333b12280fe4698eb9bfa40
4222cbf641eda504313b3f8d4e0cb2ff58b654e87bfafc3c50653ef9c6286107
Analyzer Verdict Alert fortinet Phishing
GET /js/pushjs/1.0.0/utils.js HTTP/1.1
Host: vzdakg.palatlaldate.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/?s1=165722&s2=1711633&s3=[siteid]&s5=backuser&click_id=uviou63d0cc000007fd49&iexpp=1&j1=1&browser=%5Bbrowser%5D&carrier=%5Bcarrier%5D&category=%5Bcategory%5D&siteid=%5Bsiteid%5D&utm_source=da57dc555e50572d
Cookie: unique_id=63d0b242000d885e; unique_id2=63d0702300069e81; 63d0702300069e81_c=1; ref_token=16403_165722; impression=; 63d0702300069e81_sl=[277386]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:17 GMT
content-type: application/javascript
expires: Wed, 01 Feb 2023 06:28:17 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/277386/1674482702/images/2.jpg
184.31.15.107200 OK 103 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/2.jpg
IP 184.31.15.107:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 960x1280, components 3\012- data
Size 103 kB (102832 bytes)
Hash 3b8b455b24c71ae1f928266241e9517e
8b98ca60c92b83e039c3b996f090883ed8b7ca75
c8d05f7eda85f68f0a08307eeee4e481282fda95570dd53f300b8aadd4f504f6
GET /landings/277386/1674482702/images/2.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: RdPhbTB9r632ozS/St1cnGnamN0RIvfE3PophniYMWBACCFdaB54u381MoRVVjRX9UhrcPSEUJg=
x-amz-request-id: G5YMWRHNVKP9PDXB
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "3b8b455b24c71ae1f928266241e9517e"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 102832
Date: Wed, 25 Jan 2023 06:28:18 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277386/1674482702/images/3.jpg
184.31.15.107200 OK 150 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/3.jpg
IP 184.31.15.107:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1108x1280, components 3\012- data
Size 150 kB (149812 bytes)
Hash 8ff03d86c53d978e5527374b5bcd5114
2b63b0853d74e24d74d26dbf9622c407e3c74ea9
10dedae19a11a0cf1cea2db4646bde720e63e35140f38ae3453fa2a4e4649e1c
GET /landings/277386/1674482702/images/3.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: uGjMvPJ93SKnwRL9hGX32++Lfr22rVpwgJD7DHTxKjwlWnKXlLIk96ziR7tk1sq8pLBMBeCYrxc=
x-amz-request-id: G5YWXM3WSNVK1GV9
Last-Modified: Mon, 23 Jan 2023 14:05:06 GMT
ETag: "8ff03d86c53d978e5527374b5bcd5114"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 149812
Date: Wed, 25 Jan 2023 06:28:18 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
2.wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]
185.177.93.20200 OK 0 B URL HTTP/2 2.wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
GET /?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier] HTTP/1.1
Host: 2.wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8; expires=Fri, 24-Feb-2023 06:28:15 GMT; Max-Age=2592000; path=/; domain=2.wheatocapha.tk
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
1.wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]
185.177.93.20 200 OK 0 B URL HTTP/2 1.wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
GET /?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier] HTTP/1.1
Host: 1.wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8; expires=Fri, 24-Feb-2023 06:28:15 GMT; Max-Age=2592000; path=/; domain=1.wheatocapha.tk
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
zworker10.com/sw/w_2.js
212.83.145.251 200 OK 0 B IP 212.83.145.251:0
GET /sw/w_2.js HTTP/1.1
Host: zworker10.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1.wheatocapha.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 25 Jan 2024 06:28:15 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Ubuntu:wght@400;700&display=swap
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Ubuntu:wght@400;700&display=swap
IP 142.250.74.106:0
GET /css2?family=Ubuntu:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 25 Jan 2023 06:28:17 GMT
date: Wed, 25 Jan 2023 06:28:17 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.mp4
184.31.15.107 206 Partial Content 0 B URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277386/1674482702/images/1.mp4
IP 184.31.15.107:0
ASN #20940 Akamai International B.V.
GET /landings/277386/1674482702/images/1.mp4 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://vzdakg.palatlaldate.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
x-amz-id-2: U7CL1vwbzZOLFeouWULoviFXqZUtZ3HWHuLuZJMO3oGQGUZZMNJ505cMQfzV1ClZCKSxX7lhfe8=
x-amz-request-id: KTTYJ6Q4191Y8FGC
Last-Modified: Mon, 23 Jan 2023 14:05:05 GMT
ETag: "379ddec6d7d6e118bd7565d1c83dbb90"
Accept-Ranges: bytes
Content-Type: video/mp4
Server: AmazonS3
Date: Wed, 25 Jan 2023 06:28:18 GMT
Content-Range: bytes 0-1560163/1560164
Content-Length: 1560164
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
0.wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]
185.177.93.20 200 OK 0 B URL HTTP/2 0.wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
GET /?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier] HTTP/1.1
Host: 0.wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheatocapha.tk/
Cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:13 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8; expires=Fri, 24-Feb-2023 06:28:14 GMT; Max-Age=2592000; path=/; domain=0.wheatocapha.tk
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap
IP 142.250.74.106:0
GET /css2?family=Roboto:wght@300;400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 25 Jan 2023 06:28:17 GMT
date: Wed, 25 Jan 2023 06:28:17 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]&cpc=[bid]
185.177.93.20 200 OK 0 B URL HTTP/2 wheatocapha.tk/?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]&cpc=[bid]
IP 185.177.93.20:0
ASN #39572 DataWeb Global Group B.V.
GET /?p=mi4tqnbqgq5gi3bpgq2dinq&sub1=[browser]&sub2=[category]&sub3=[siteid]&sub4=[carrier]&cpc=[bid] HTTP/1.1
Host: wheatocapha.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:12 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: uuid=a69556d7-b713-4d84-b4c9-8bff7713b5e8; expires=Fri, 24-Feb-2023 06:28:13 GMT; Max-Age=2592000; path=/; domain=wheatocapha.tk
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
zworker10.com/sw/w_2.js
212.83.145.251 200 OK 0 B IP 212.83.145.251:0
GET /sw/w_2.js HTTP/1.1
Host: zworker10.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3.wheatocapha.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 25 Jan 2024 06:28:16 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
vzdakg.palatlaldate.net/js/service-worker.js
63.32.216.166 200 OK 0 B URL HTTP/2 vzdakg.palatlaldate.net/js/service-worker.js
IP 63.32.216.166:0
Analyzer Verdict Alert fortinet Phishing
GET /js/service-worker.js HTTP/1.1
Host: vzdakg.palatlaldate.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: unique_id=63d0b242000d885e; unique_id2=63d0702300069e81; 63d0702300069e81_c=1; ref_token=16403_165722; impression=; 63d0702300069e81_sl=[277386]
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:17 GMT
content-type: application/javascript
expires: Wed, 01 Feb 2023 06:28:17 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
zworker10.com/sw/w_2.js
212.83.145.251 200 OK 0 B IP 212.83.145.251:0
GET /sw/w_2.js HTTP/1.1
Host: zworker10.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wheatocapha.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:13 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 25 Jan 2024 06:28:13 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
zworker10.com/sw/w_2.js
212.83.145.251 200 OK 0 B IP 212.83.145.251:0
GET /sw/w_2.js HTTP/1.1
Host: zworker10.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://0.wheatocapha.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:14 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 25 Jan 2024 06:28:14 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2
zworker10.com/sw/w_2.js
212.83.145.251 200 OK 0 B IP 212.83.145.251:0
GET /sw/w_2.js HTTP/1.1
Host: zworker10.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://2.wheatocapha.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 06:28:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 25 Jan 2024 06:28:15 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
X-Firefox-Spdy: h2