| ciimaclub.click/watch/%D9%85%D8%B3%D9%84%D8%B3%D9%84-the-last-of-us-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-6-%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9 | 104.21.50.41 | 301 Moved Permanently | 0 B |
URL: HTTP/1.1 ciimaclub.click/watch/%D9%85%D8%B3%D9%84%D8%B3%D9%84-the-last-of-us-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-6-%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9 IP: 104.21.50.41:0
Hash (MD5 / SHA-1 / SHA-256; these are the digests of empty input, consistent with the 0 B redirect body, so they do not identify any content): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch/%D9%85%D8%B3%D9%84%D8%B3%D9%84-the-last-of-us-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-6-%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9 HTTP/1.1
Host: ciimaclub.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 25 Feb 2023 18:35:38 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 25 Feb 2023 19:35:38 GMT
Location: https://ciimaclub.click/watch/%D9%85%D8%B3%D9%84%D8%B3%D9%84-the-last-of-us-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-6-%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nLpDZTUi2S%2FXdBKh9ns%2BSnv5rY5jycSmM6dlS1RoJzx%2Brq7EZS5DLwOKCxd0wGSLU9vKRdlxP4WOJdgoICpfsNEB9dlu5IgEtyhsNeB%2BH4b%2FPARVeQls%2Fr%2BdsxYvEiZ29mE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79f28aba88dcfac0-OSL
alt-svc: h2=":443"; ma=60
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 ASN: #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 8083775b7a6637d27672cc4a2581fa2d 023420d026fbf2cd0f69d5606524094011375202 66664ed1d36948fe99498950e3525d03c1797689c9186c4cd0bd5ded531b3bac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66664ED1D36948FE99498950E3525D03C1797689C9186C4CD0BD5DED531B3BAC"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8268
Expires: Sat, 25 Feb 2023 20:53:26 GMT
Date: Sat, 25 Feb 2023 18:35:38 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 ASN: #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 7a57f620f4b5b83c5c9520e881269446 d46ca3756afc5d9775c1e48c78b39d11574d507a 8417deae76018365ad55aabd7950ed99f429e02c3915626137695f90c955215b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8417DEAE76018365AD55AABD7950ED99F429E02C3915626137695F90C955215B"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11005
Expires: Sat, 25 Feb 2023 21:39:03 GMT
Date: Sat, 25 Feb 2023 18:35:38 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL: HTTP/2 firefox.settings.services.mozilla.com/v1/ IP: 35.241.9.150:0
File type: JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 4ad6984a756720fbfff47b37a75513a2 355e35258114452af8b9638985ed9d8ef3bf0aca 43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 25 Feb 2023 18:07:48 GMT
content-type: application/json
age: 1670
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP: 23.36.76.226:0 ASN: #20940 Akamai International B.V.
Hash (MD5 / SHA-1 / SHA-256): 29cfccb9238759ed21dbb0d92cae75f8 f41ad1b02e353cd2b33af7618c71cc16fae2886e 91e392e78e584e8a82762dab0d5615aa1af3893237d601db3d45bb6fad488580
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91E392E78E584E8A82762DAB0D5615AA1AF3893237D601DB3D45BB6FAD488580"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15430
Expires: Sat, 25 Feb 2023 22:52:48 GMT
Date: Sat, 25 Feb 2023 18:35:38 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL: HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain IP: 34.160.144.191:0
File type: PEM certificate\012- , ASCII text
Hash (MD5 / SHA-1 / SHA-256): b5ba6334e73496995e3e3a9ecd0eb323 ad80d3b7718c28364e8c2004fb38a13a1747e462 aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: W7wF0OlUafydxe7B/1kHgnmdvIM46YPW1177Xei+H8rcj57mhxrgvoB+d6wLju1AXYh2ECsMByy8KiX4owjH/w==
x-amz-request-id: E1BVGK8XA8Z3D67V
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 25 Feb 2023 18:31:06 GMT
age: 272
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/s/gts1p5/P_8nCgYsw4o | 142.250.74.131 | 200 OK | 471 B |
URL: HTTP/1.1 ocsp.pki.goog/s/gts1p5/P_8nCgYsw4o IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): 7a9fa36f1ed18e7cc2e0cf9d4dba8b76 4b7a92b9fcd63550f662acd79a44e50512b5f7b1 128ee188babde17cf53bf996c3e00234143f00849ba91e1e00e2bd9499cf299e
POST /s/gts1p5/P_8nCgYsw4o HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:38 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL: HTTP/2 contile.services.mozilla.com/v1/tiles IP: 34.117.237.239:0
File type: JSON data\012- , ASCII text, with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Feb 2023 18:35:38 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ciimaclub.click/themes/CimaClub/img/download-folder-black.png | 172.67.200.187 | 200 OK | 1.1 kB |
URL: HTTP/2 ciimaclub.click/themes/CimaClub/img/download-folder-black.png IP: 172.67.200.187:0
File type: PNG image data, 58 x 58, 8-bit/color RGBA, non-interlaced\012- data
Hash (MD5 / SHA-1 / SHA-256): b7cd66101c97186efcd73d999c21b7fe b0ea694183b6cafcbad98a1cc294b55cb816230b 859a8055fa05e0f8f8ff4ca6c96f21832edbb654332a5b8201a5eb1e07de22c6
GET /themes/CimaClub/img/download-folder-black.png HTTP/1.1
Host: ciimaclub.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ciimaclub.click/watch/%D9%85%D8%B3%D9%84%D8%B3%D9%84-the-last-of-us-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-6-%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9
Cookie: XSRF-TOKEN=eyJpdiI6IjJQZms0OW1iXC9GeXJ0bGVMM1wvMVwvRkE9PSIsInZhbHVlIjoid212clJ3TlJqV29vTEJtMTdRcWRoVGZ2UmhESytpYUpsWkNEc2JzTGFRMTdQN2JCYWNIU3Izbjd2eDV3ajhDVSIsIm1hYyI6IjkyOTQyMzBhYTc2ZDg4ZThmMjE0NWE4NDY2YjFhYmVmNGZmMmYzZjJiZjg5OTRhYTEyYzE4MDRhYzc2ZTJjNDkifQ%3D%3D; cimaclub_session=eyJpdiI6IjFDK2xzN0piRVVUNzJCMDVXdzNcL3NnPT0iLCJ2YWx1ZSI6IjlnSnZjXC9RRmpBbDVPRXFiVGgyXC9OMkh3OUU2SExDUEZtWmxPQ2h2TnBXMWdmZkZsd0Y3dzhvREFSaERkNWpvdSIsIm1hYyI6ImRiZGRjM2JkNTI3Yzc0YThkODQzNDUyNmMzNDRlMmVmMjA5YWYwZWRlZTlmYTI1NzgzNzMzMGJkM2E3ZDlkMDkifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:38 GMT
content-type: image/png
content-length: 1055
last-modified: Tue, 26 Nov 2019 18:46:14 GMT
etag: "5ddd72f6-41f"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4229
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mXqdkNL1efsw%2BZFzt34N5kKweGwSFRyj8B%2BkoLnh7y32q9RYOwg2DNzNmHVygTzPUgTUgFdQ%2FS5PnPjURZICV0oH1ppzYEYRV2zqK7OiXTcOc4rjiJDjlEbIVfWeJ1Mundg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f28abdbdd3b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ciimaclub.click/themes/CimaClub/img/download-folder-white.png | 172.67.200.187 | 200 OK | 950 B |
URL: HTTP/2 ciimaclub.click/themes/CimaClub/img/download-folder-white.png IP: 172.67.200.187:0
File type: PNG image data, 58 x 58, 8-bit/color RGBA, non-interlaced\012- data
Hash (MD5 / SHA-1 / SHA-256): 68117493bdd3a8ddb2aac4200b5a86f1 a3566bb64f5aab24581503692e816a4fbc6ae56b ecc7d6c84f87d19fc26a755d24415d994548de55c7a4569f545aee68588a50cb
GET /themes/CimaClub/img/download-folder-white.png HTTP/1.1
Host: ciimaclub.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ciimaclub.click/watch/%D9%85%D8%B3%D9%84%D8%B3%D9%84-the-last-of-us-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-6-%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9
Cookie: XSRF-TOKEN=eyJpdiI6IjJQZms0OW1iXC9GeXJ0bGVMM1wvMVwvRkE9PSIsInZhbHVlIjoid212clJ3TlJqV29vTEJtMTdRcWRoVGZ2UmhESytpYUpsWkNEc2JzTGFRMTdQN2JCYWNIU3Izbjd2eDV3ajhDVSIsIm1hYyI6IjkyOTQyMzBhYTc2ZDg4ZThmMjE0NWE4NDY2YjFhYmVmNGZmMmYzZjJiZjg5OTRhYTEyYzE4MDRhYzc2ZTJjNDkifQ%3D%3D; cimaclub_session=eyJpdiI6IjFDK2xzN0piRVVUNzJCMDVXdzNcL3NnPT0iLCJ2YWx1ZSI6IjlnSnZjXC9RRmpBbDVPRXFiVGgyXC9OMkh3OUU2SExDUEZtWmxPQ2h2TnBXMWdmZkZsd0Y3dzhvREFSaERkNWpvdSIsIm1hYyI6ImRiZGRjM2JkNTI3Yzc0YThkODQzNDUyNmMzNDRlMmVmMjA5YWYwZWRlZTlmYTI1NzgzNzMzMGJkM2E3ZDlkMDkifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:38 GMT
content-type: image/png
content-length: 950
last-modified: Tue, 26 Nov 2019 18:46:14 GMT
etag: "5ddd72f6-3b6"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4229
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2lK02TVOHJ0jpwzdk%2Fz%2BkyX621hSosYG8RNexxjWWJN2M735T7gOkBrRZCKGYjIGbWooOxadDkXLli8z4CnDvc%2FtcnXdMNsCC8TnL2ytzDFvZA6320ye%2BnJM%2FFk3qGQRfi8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f28abdbdd8b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ciimaclub.click/themes/CimaClub/img/logo-xc.png | 172.67.200.187 | 200 OK | 1.7 kB |
URL: HTTP/2 ciimaclub.click/themes/CimaClub/img/logo-xc.png IP: 172.67.200.187:0
File type: PNG image data, 100 x 58, 8-bit/color RGBA, non-interlaced\012- data
Hash (MD5 / SHA-1 / SHA-256): e52e677354942304ff660fab73596171 f3a35a7c5acc832bc15d4479dba8ed6e05452c3d 653a524c49313b1ffbeeb31b964d45737358eeeaf0a0ed08344d8330ba89c538
GET /themes/CimaClub/img/logo-xc.png HTTP/1.1
Host: ciimaclub.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ciimaclub.click/watch/%D9%85%D8%B3%D9%84%D8%B3%D9%84-the-last-of-us-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-6-%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9
Cookie: XSRF-TOKEN=eyJpdiI6IjJQZms0OW1iXC9GeXJ0bGVMM1wvMVwvRkE9PSIsInZhbHVlIjoid212clJ3TlJqV29vTEJtMTdRcWRoVGZ2UmhESytpYUpsWkNEc2JzTGFRMTdQN2JCYWNIU3Izbjd2eDV3ajhDVSIsIm1hYyI6IjkyOTQyMzBhYTc2ZDg4ZThmMjE0NWE4NDY2YjFhYmVmNGZmMmYzZjJiZjg5OTRhYTEyYzE4MDRhYzc2ZTJjNDkifQ%3D%3D; cimaclub_session=eyJpdiI6IjFDK2xzN0piRVVUNzJCMDVXdzNcL3NnPT0iLCJ2YWx1ZSI6IjlnSnZjXC9RRmpBbDVPRXFiVGgyXC9OMkh3OUU2SExDUEZtWmxPQ2h2TnBXMWdmZkZsd0Y3dzhvREFSaERkNWpvdSIsIm1hYyI6ImRiZGRjM2JkNTI3Yzc0YThkODQzNDUyNmMzNDRlMmVmMjA5YWYwZWRlZTlmYTI1NzgzNzMzMGJkM2E3ZDlkMDkifQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:38 GMT
content-type: image/png
content-length: 1731
last-modified: Thu, 02 Dec 2021 15:43:38 GMT
etag: "61a8e9aa-6c3"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1694
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bL674%2Fpa68NrA03WCvCDCofrtKaCJmhKf%2Bf4FkFfisuG9IFPQwPUtQaduhTbKMiJDHF%2FFt33ShfGKgL5n8CLlvmGzDc%2FSpCFQLjDZ19glqW3CdeNM2HKdBDb6E7icJh7QaE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f28abdbdddb51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/s/gts1p5/P_8nCgYsw4o | 142.250.74.131 | 200 OK | 471 B |
URL: HTTP/1.1 ocsp.pki.goog/s/gts1p5/P_8nCgYsw4o IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): 7a9fa36f1ed18e7cc2e0cf9d4dba8b76 4b7a92b9fcd63550f662acd79a44e50512b5f7b1 128ee188babde17cf53bf996c3e00234143f00849ba91e1e00e2bd9499cf299e
POST /s/gts1p5/P_8nCgYsw4o HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:38 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): 5d6d2dc56034ceeb9879a97a225229c5 97cc164f3bb36a445348f872091edf29358b4621 2aef17106815e6ff6a7639355abb7b756df360e015ff15bc14c8ffe454cad0d2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| www.googletagmanager.com/gtag/js?id=UA-174083888-1 | 142.250.74.168 | 200 OK | 46 kB |
URL: HTTP/2 www.googletagmanager.com/gtag/js?id=UA-174083888-1 IP: 142.250.74.168:0
File type: ASCII text, with very long lines (2206)
Hash (MD5 / SHA-1 / SHA-256): f7f2c51d7d1c9603f141e642fd1fd4a7 9da0ac62efbc3643400bf6fdde7c295270bcc037 69acc0fea013c34ed3bd35c46c2cfe8f665ef79cae2b2ac58033340884df3399
GET /gtag/js?id=UA-174083888-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ciimaclub.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 25 Feb 2023 18:35:38 GMT
expires: Sat, 25 Feb 2023 18:35:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 45592
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): 6832ad0cb02cc3a3b8b396c543188bed be89c17eb73e465ff69c67f30162d45fa8e2d8a4 4e327ab482594d6bdf040d2fd8f8fc9213aaf1014c1f74587a976981cc741aa2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ciimaclub.click/themes/CimaClub/js/pusher.min.js?v=1.1.7 | 172.67.200.187 | 200 OK | 17 kB |
URL: HTTP/2 ciimaclub.click/themes/CimaClub/js/pusher.min.js?v=1.1.7 IP: 172.67.200.187:0
File type: ASCII text, with very long lines (61618), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 10f204efacc0bcf4acb86b2efcae4604 7376229e02cadff523ae6e68c96d4157380ed046 d47f999a1478f2a425ea0a64e4126f7f42b9bc7311c6c48d53bb1b80f7aba0e0
GET /themes/CimaClub/js/pusher.min.js?v=1.1.7 HTTP/1.1
Host: ciimaclub.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ciimaclub.click/watch/%D9%85%D8%B3%D9%84%D8%B3%D9%84-the-last-of-us-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-6-%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9
Cookie: XSRF-TOKEN=eyJpdiI6IjJQZms0OW1iXC9GeXJ0bGVMM1wvMVwvRkE9PSIsInZhbHVlIjoid212clJ3TlJqV29vTEJtMTdRcWRoVGZ2UmhESytpYUpsWkNEc2JzTGFRMTdQN2JCYWNIU3Izbjd2eDV3ajhDVSIsIm1hYyI6IjkyOTQyMzBhYTc2ZDg4ZThmMjE0NWE4NDY2YjFhYmVmNGZmMmYzZjJiZjg5OTRhYTEyYzE4MDRhYzc2ZTJjNDkifQ%3D%3D; cimaclub_session=eyJpdiI6IjFDK2xzN0piRVVUNzJCMDVXdzNcL3NnPT0iLCJ2YWx1ZSI6IjlnSnZjXC9RRmpBbDVPRXFiVGgyXC9OMkh3OUU2SExDUEZtWmxPQ2h2TnBXMWdmZkZsd0Y3dzhvREFSaERkNWpvdSIsIm1hYyI6ImRiZGRjM2JkNTI3Yzc0YThkODQzNDUyNmMzNDRlMmVmMjA5YWYwZWRlZTlmYTI1NzgzNzMzMGJkM2E3ZDlkMDkifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:38 GMT
content-type: application/javascript
last-modified: Sat, 06 Apr 2019 20:24:04 GMT
etag: W/"5ca90ae4-f0b2"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1690
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SUiKoayh3VAVW8THhHWV9y553M6Pk7cdb8BWrfrO6IUkGYQHzzt42lgRRPA4POHauAjw8A2g8t%2FGonk9OkNdcOEA1jJ%2B77QMxVzLwPseOS2sjiVMPIaaC8GdG1vlzQoPOak%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f28abdbde4b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): 0c61fa65db2b0649528a3908a0805d13 519a1fe9345f3aa51fa68d1e25b6c8c33ff006fd 753cf83a67ce001049736872db65156c5d6787e37533b173a4331fb6137e7c2a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): 5d6d2dc56034ceeb9879a97a225229c5 97cc164f3bb36a445348f872091edf29358b4621 2aef17106815e6ff6a7639355abb7b756df360e015ff15bc14c8ffe454cad0d2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): 0c61fa65db2b0649528a3908a0805d13 519a1fe9345f3aa51fa68d1e25b6c8c33ff006fd 753cf83a67ce001049736872db65156c5d6787e37533b173a4331fb6137e7c2a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css | 104.18.11.207 | 200 OK | 84 kB |
URL: HTTP/2 stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css IP: 104.18.11.207:0
File type: ASCII text, with very long lines (30837)
Hash (MD5 / SHA-1 / SHA-256): 04448a1cfce4098dcffe408f6f4488ff a4f785239755acfde628ddb36268eda838c839e5 b3616da3db7c4e1f842f4e921e4df2ed1f0c91874e4f4a814b269fe78d44c13d
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ciimaclub.click
Connection: keep-alive
Referer: https://ciimaclub.click/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:38 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"269550530cc127b6aa5a35925a7de6ce"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 11/18/2022 06:18:29
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 722
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: f8fe301cdb73c3447511e0ccfc7ba4aa
cdn-cache: HIT
cf-cache-status: HIT
age: 1143390
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 79f28abdeac7b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ciimaclub.click/themes/CimaClub/css/tornado-rtl.css?v=1.9.7 | 172.67.200.187 | 200 OK | 47 kB |
URL: HTTP/2 ciimaclub.click/themes/CimaClub/css/tornado-rtl.css?v=1.9.7 IP: 172.67.200.187:0
File type: ASCII text, with very long lines (65536), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): ed23cd66b279445210df8cab317a8184 d0b311662a80bd75a368c04cd66406b6a57596dc ea49827fe52d293912f7935f7fac5aee6be8a669e413416380b2c80601de55ef
GET /themes/CimaClub/css/tornado-rtl.css?v=1.9.7 HTTP/1.1
Host: ciimaclub.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ciimaclub.click/watch/%D9%85%D8%B3%D9%84%D8%B3%D9%84-the-last-of-us-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-6-%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9
Cookie: XSRF-TOKEN=eyJpdiI6IjJQZms0OW1iXC9GeXJ0bGVMM1wvMVwvRkE9PSIsInZhbHVlIjoid212clJ3TlJqV29vTEJtMTdRcWRoVGZ2UmhESytpYUpsWkNEc2JzTGFRMTdQN2JCYWNIU3Izbjd2eDV3ajhDVSIsIm1hYyI6IjkyOTQyMzBhYTc2ZDg4ZThmMjE0NWE4NDY2YjFhYmVmNGZmMmYzZjJiZjg5OTRhYTEyYzE4MDRhYzc2ZTJjNDkifQ%3D%3D; cimaclub_session=eyJpdiI6IjFDK2xzN0piRVVUNzJCMDVXdzNcL3NnPT0iLCJ2YWx1ZSI6IjlnSnZjXC9RRmpBbDVPRXFiVGgyXC9OMkh3OUU2SExDUEZtWmxPQ2h2TnBXMWdmZkZsd0Y3dzhvREFSaERkNWpvdSIsIm1hYyI6ImRiZGRjM2JkNTI3Yzc0YThkODQzNDUyNmMzNDRlMmVmMjA5YWYwZWRlZTlmYTI1NzgzNzMzMGJkM2E3ZDlkMDkifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:38 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=278425
etag: W/"600069db-43f99"
last-modified: Thu, 14 Jan 2021 15:57:15 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2845
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7fvDvBeI%2BKLMUgoWpgJxrNj%2Bh%2Bk2Bxx08UTVyKM4pU0C%2B1tGEyA%2BZ3AkgYg23MBU3rJ1a951%2F4dcAAvHeY2X5u%2Bes5W7XVLuVoJj3hW%2B3Ds61DI98zSuwTREtc0i%2FYDkFfw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f28abdadbfb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): 4432722afb07ba74051c88ed8a3d0c96 e5715d828785bd764f820cde1e387e4e83aaae99 bfcd2cd628b37ac53fcf981f360c95f65596b61bc8ea8dcee44b9a128bb3e48d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): 4432722afb07ba74051c88ed8a3d0c96 e5715d828785bd764f820cde1e387e4e83aaae99 bfcd2cd628b37ac53fcf981f360c95f65596b61bc8ea8dcee44b9a128bb3e48d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP: 142.250.74.131:0
Hash (MD5 / SHA-1 / SHA-256): 4432722afb07ba74051c88ed8a3d0c96 e5715d828785bd764f820cde1e387e4e83aaae99 bfcd2cd628b37ac53fcf981f360c95f65596b61bc8ea8dcee44b9a128bb3e48d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l8KiHrFpiQ.woff2 | 216.58.207.227 | 200 OK | 9.9 kB |
URL: HTTP/2 fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l8KiHrFpiQ.woff2 IP: 216.58.207.227:0
File type: Web Open Font Format (Version 2), TrueType, length 9900, version 1.0\012- data
Hash (MD5 / SHA-1 / SHA-256): 7256be46335261573e1ab1dc7f6539f0 abeac1b7890a903ac951c522bc9b3039ec6fa1f8 9986de5db80ec050300f1cea25d651a5779ae62b91a39b5667ac23d0c7668cbb
GET /s/tajawal/v9/Iurf6YBj_oCad4k1l8KiHrFpiQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ciimaclub.click
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9900
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Feb 2023 10:20:22 GMT
expires: Fri, 23 Feb 2024 10:20:22 GMT
cache-control: public, max-age=31536000
age: 202516
last-modified: Wed, 27 Apr 2022 16:01:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP142.250.74.131:0
Hash4432722afb07ba74051c88ed8a3d0c96 e5715d828785bd764f820cde1e387e4e83aaae99 bfcd2cd628b37ac53fcf981f360c95f65596b61bc8ea8dcee44b9a128bb3e48d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.gstatic.com/s/changa/v20/2-cm9JNi2YuVOUckZpy-.woff2 | 216.58.207.227 | 200 OK | 22 kB |
URL HTTP/2fonts.gstatic.com/s/changa/v20/2-cm9JNi2YuVOUckZpy-.woff2 IP216.58.207.227:0
File typeWeb Open Font Format (Version 2), TrueType, length 22056, version 1.0\012- data Hash6837d478d967d755114a1e1cd66da217 26095c8e77890874b47ee5e897627c51776afaa7 d830e0afba0d363cc75a59792bab42fb2420073c59623135a291a25c10493bee
GET /s/changa/v20/2-cm9JNi2YuVOUckZpy-.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ciimaclub.click
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22056
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 22 Feb 2023 13:20:23 GMT
expires: Thu, 22 Feb 2024 13:20:23 GMT
cache-control: public, max-age=31536000
age: 278116
last-modified: Fri, 24 Jun 2022 18:40:46 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l5anHrRpiYlJ.woff2 | 216.58.207.227 | 200 OK | 9.0 kB |
URL HTTP/2fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l5anHrRpiYlJ.woff2 IP216.58.207.227:0
File typeWeb Open Font Format (Version 2), TrueType, length 9032, version 1.0\012- data Hash1420b4cb8aaedb5607ef10763bd4f608 430ab060799bb992c542d7f0d262cb685d3b921b f35be424a435340fa1b6bf36b2482ed2178092f777824f6b00f03cad010fd44f
GET /s/tajawal/v9/Iurf6YBj_oCad4k1l5anHrRpiYlJ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ciimaclub.click
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9032
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Feb 2023 17:55:59 GMT
expires: Fri, 23 Feb 2024 17:55:59 GMT
cache-control: public, max-age=31536000
age: 175180
last-modified: Wed, 27 Apr 2022 16:02:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l5anHrFpiQ.woff2 | 216.58.207.227 | 200 OK | 11 kB |
URL HTTP/2fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l5anHrFpiQ.woff2 IP216.58.207.227:0
File typeWeb Open Font Format (Version 2), TrueType, length 10584, version 1.0\012- data Hash316fa1995ea53f41426fa3a7f3b2df39 0bda75704bc7d985f7b934b74f433c53299e06b2 00241262004f96088a827ad4c5d423dbbc0648224e1cd990e5e5ff8e912157c9
GET /s/tajawal/v9/Iurf6YBj_oCad4k1l5anHrFpiQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ciimaclub.click
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10584
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Feb 2023 17:54:47 GMT
expires: Fri, 23 Feb 2024 17:54:47 GMT
cache-control: public, max-age=31536000
age: 175252
last-modified: Wed, 27 Apr 2022 16:02:06 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash06ac364610377e2621a8eeecbfeb1b8d d2d19ca6c8ed6c317349144c0bf1b3d697442483 0909df274f9d4a993a74c041d379466a6ea85fab0ff38431dbdc9412ff480a02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0909DF274F9D4A993A74C041D379466A6EA85FAB0FF38431DBDC9412FF480A02"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4551
Expires: Sat, 25 Feb 2023 19:51:30 GMT
Date: Sat, 25 Feb 2023 18:35:39 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash06ac364610377e2621a8eeecbfeb1b8d d2d19ca6c8ed6c317349144c0bf1b3d697442483 0909df274f9d4a993a74c041d379466a6ea85fab0ff38431dbdc9412ff480a02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0909DF274F9D4A993A74C041D379466A6EA85FAB0FF38431DBDC9412FF480A02"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4551
Expires: Sat, 25 Feb 2023 19:51:30 GMT
Date: Sat, 25 Feb 2023 18:35:39 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL HTTP/2firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP35.241.9.150:0
File typeJSON data\012- , ASCII text, with very long lines (329), with no line terminators Hash0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Expires, Last-Modified, Cache-Control, ETag, Backoff, Content-Type, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 25 Feb 2023 18:03:34 GMT
age: 1925
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l8KiHrRpiYlJ.woff2 | 216.58.207.227 | 200 OK | 8.5 kB |
URL HTTP/2fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l8KiHrRpiYlJ.woff2 IP216.58.207.227:0
File typeWeb Open Font Format (Version 2), TrueType, length 8524, version 1.0\012- data Hashc3e912cae666af697127c092f09a513a 90d3316e235b660a99e16bec7d0c58b58b59c4a4 ff5afc2fb4dbd2ecb286ee9b121154abaa9709ae3d710d730a57702725bc28e4
GET /s/tajawal/v9/Iurf6YBj_oCad4k1l8KiHrRpiYlJ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ciimaclub.click
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 23 Feb 2023 17:40:10 GMT
expires: Fri, 23 Feb 2024 17:40:10 GMT
cache-control: public, max-age=31536000
age: 176129
last-modified: Wed, 27 Apr 2022 16:00:33 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 472 B |
IP142.250.74.131:0
Hash6dbbf8a99f14aa5c8b76354b0a8ea3e2 3435f4c413860589d0650ba43cc30b0056f9a3f7 069ba4e9cdcb97a7ce504c51018753af78e643f7c0c65f799faba8ed2daeac7a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/s/gts1p5/HIfCG7N_xkw | 142.250.74.131 | 200 OK | 471 B |
URL HTTP/1.1ocsp.pki.goog/s/gts1p5/HIfCG7N_xkw IP142.250.74.131:0
Hashb17cf1fbbd4abfc340ccf9bbf67f96e5 c8a41934241bcbc43eb853b24b3be9b50056728b 77d0e33f316ee3b803d2906d04db22a7bbd6465fdf24e14fa175823aea5370d6
POST /s/gts1p5/HIfCG7N_xkw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:39 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| intorterraon.com/tag.min.js | 139.45.197.239 | 200 OK | 24 kB |
URL HTTP/2intorterraon.com/tag.min.js IP139.45.197.239:0
File typeASCII text, with very long lines (65536), with no line terminators Hash4da999134de2f78982dd1ce9be5e67e4 924cef48d096ba50db4218c56c2152e8f4352f9b 8175a943ff27e4f947dcad2221867e0878f82718d3c6d64f9a1f6b1e7b6e06f8
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /tag.min.js HTTP/1.1
Host: intorterraon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ciimaclub.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Feb 2023 18:35:39 GMT
content-type: text/javascript; charset=utf-8
content-length: 23689
content-encoding: br
x-trace-id: e7e570626d4fe7c916a5fba4bdcadc90
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 24 Feb 2023 06:08:34 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| www.google-analytics.com/analytics.js | 142.250.74.110 | 200 OK | 20 kB |
URL HTTP/2www.google-analytics.com/analytics.js IP142.250.74.110:0
File typeASCII text, with very long lines (1490) Hashca7fbbfd120e3e329633044190bbf134 d17f81e03dd827554ddd207ea081fb46b3415445 847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ciimaclub.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 25 Feb 2023 17:53:25 GMT
expires: Sat, 25 Feb 2023 19:53:25 GMT
cache-control: public, max-age=7200
age: 2534
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashb1d73c7d1e3e594a7be10b7ac62176ac 46105f3b581c409f00524674825c08343e4d71d1 7b31674705946d30e1822ddca8008520258d81a32cb11fadeded012dac2b0d13
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7B31674705946D30E1822DDCA8008520258D81A32CB11FADEDED012DAC2B0D13"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12394
Expires: Sat, 25 Feb 2023 22:02:13 GMT
Date: Sat, 25 Feb 2023 18:35:39 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash086a5cab2d95f82d8a950bd419d2251d ee4a6d92d040736a638a37ab9686c59623ee648d b19730357aaf8e6214632e698b37e12bc1adbed9a38ccc2e87023e5c92679b7f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B19730357AAF8E6214632E698B37E12BC1ADBED9A38CCC2E87023E5C92679B7F"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6209
Expires: Sat, 25 Feb 2023 20:19:08 GMT
Date: Sat, 25 Feb 2023 18:35:39 GMT
Connection: keep-alive
|
|
| my.rtmark.net/gid.js?userId=90d73ced6e344f669cc3130510820004 | 139.45.195.8 | 200 OK | 65 B |
URL HTTP/2my.rtmark.net/gid.js?userId=90d73ced6e344f669cc3130510820004 IP139.45.195.8:0
File typeJSON data\012- , ASCII text Hashe98657996d1346cebdc37c14cef84362 f174647df7663b71a69e6396847f6611f5cbb222 b5803d4274b8c541580c762f7b7e9a03114ba0f7cb4f28160473eea07e5a1f83
GET /gid.js?userId=90d73ced6e344f669cc3130510820004 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ciimaclub.click
Connection: keep-alive
Referer: https://ciimaclub.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Feb 2023 18:35:39 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://ciimaclub.click
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=90d73ced6e344f669cc3130510820004; expires=Sun, 25 Feb 2024 18:35:39 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| push.services.mozilla.com/ | 52.89.20.60 | 101 Switching Protocols | 0 B |
URL HTTP/1.1push.services.mozilla.com/ IP52.89.20.60:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gXNx3AwP4uSTVcs8Y2g9eg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: iwhnSnrMAQGdZm01gPlPhyakUoA=
|
|
| region1.google-analytics.com/g/collect?v=2&tid=G-J0QQKPLZPB&gtm=45je32m0&_p=1233506193&cid=446353605.1677350212&ul=en-us&sr=1280x1024&_s=1&sid=1677350211&sct=1&seg=0&dl=https%3A%2F%2Fciimaclub.click%2Fwatch%2F%25D9%2585%25D8%25B3%25D9%2584%25D8%25B3%25D9%2584-the-last-of-us-%25D8%25A7%25D9%2584%25D9%2585%25D9%2588%25D8%25B3%25D9%2585-%25D8%25A7%25D9%2584%25D8%25A7%25D9%2588%25D9%2584-%25D8%25A7%25D9%2584%25D8%25AD%25D9%2584%25D9%2582%25D8%25A9-6-%25D8%25A7%25D9%2584%25D8%25B3%25D8%25A7%25D8%25AF%25D8%25B3%25D8%25A9&dt=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20The%20Last%20of%20Us%20%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85%20%D8%A7%D9%84%D8%A7%D9%88%D9%84%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%206%20%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9&en=page_view&_fv=1&_nsi=1&_ss=1 | 216.239.34.36 | 204 No Content | 0 B |
URL HTTP/2region1.google-analytics.com/g/collect?v=2&tid=G-J0QQKPLZPB&gtm=45je32m0&_p=1233506193&cid=446353605.1677350212&ul=en-us&sr=1280x1024&_s=1&sid=1677350211&sct=1&seg=0&dl=https%3A%2F%2Fciimaclub.click%2Fwatch%2F%25D9%2585%25D8%25B3%25D9%2584%25D8%25B3%25D9%2584-the-last-of-us-%25D8%25A7%25D9%2584%25D9%2585%25D9%2588%25D8%25B3%25D9%2585-%25D8%25A7%25D9%2584%25D8%25A7%25D9%2588%25D9%2584-%25D8%25A7%25D9%2584%25D8%25AD%25D9%2584%25D9%2582%25D8%25A9-6-%25D8%25A7%25D9%2584%25D8%25B3%25D8%25A7%25D8%25AF%25D8%25B3%25D8%25A9&dt=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20The%20Last%20of%20Us%20%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85%20%D8%A7%D9%84%D8%A7%D9%88%D9%84%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%206%20%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9&en=page_view&_fv=1&_nsi=1&_ss=1 IP216.239.34.36:0
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-J0QQKPLZPB&gtm=45je32m0&_p=1233506193&cid=446353605.1677350212&ul=en-us&sr=1280x1024&_s=1&sid=1677350211&sct=1&seg=0&dl=https%3A%2F%2Fciimaclub.click%2Fwatch%2F%25D9%2585%25D8%25B3%25D9%2584%25D8%25B3%25D9%2584-the-last-of-us-%25D8%25A7%25D9%2584%25D9%2585%25D9%2588%25D8%25B3%25D9%2585-%25D8%25A7%25D9%2584%25D8%25A7%25D9%2588%25D9%2584-%25D8%25A7%25D9%2584%25D8%25AD%25D9%2584%25D9%2582%25D8%25A9-6-%25D8%25A7%25D9%2584%25D8%25B3%25D8%25A7%25D8%25AF%25D8%25B3%25D8%25A9&dt=%D9%85%D8%B3%D9%84%D8%B3%D9%84%20The%20Last%20of%20Us%20%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85%20%D8%A7%D9%84%D8%A7%D9%88%D9%84%20%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9%206%20%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ciimaclub.click
Connection: keep-alive
Referer: https://ciimaclub.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://ciimaclub.click
date: Sat, 25 Feb 2023 18:35:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashc930829bdcc2bf23ff3014e5dd21f270 7e175882efd19d1649537da3c2c2e70833558d87 c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11369
Expires: Sat, 25 Feb 2023 21:45:09 GMT
Date: Sat, 25 Feb 2023 18:35:40 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashc930829bdcc2bf23ff3014e5dd21f270 7e175882efd19d1649537da3c2c2e70833558d87 c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11369
Expires: Sat, 25 Feb 2023 21:45:09 GMT
Date: Sat, 25 Feb 2023 18:35:40 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashc930829bdcc2bf23ff3014e5dd21f270 7e175882efd19d1649537da3c2c2e70833558d87 c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11369
Expires: Sat, 25 Feb 2023 21:45:09 GMT
Date: Sat, 25 Feb 2023 18:35:40 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashc930829bdcc2bf23ff3014e5dd21f270 7e175882efd19d1649537da3c2c2e70833558d87 c18c9de6b0d5d2d78d1869d8138a00ef62cbd29a77e7cc2c69d30ad54799dda7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C18C9DE6B0D5D2D78D1869D8138A00EF62CBD29A77E7CC2C69D30AD54799DDA7"
Last-Modified: Sat, 25 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11369
Expires: Sat, 25 Feb 2023 21:45:09 GMT
Date: Sat, 25 Feb 2023 18:35:40 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg | 34.120.237.76 | 200 OK | 5.3 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashf5c457f02a50b085b748b7e806f166f7 a7b75438ba91b71e023e2e6e355563ac2635bf25 7607c112a56f9893b0c491cad54d7d83be0fa414e69dd44c251e074e15877f6a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363345a7-425e-4498-8aa7-e16250bedd66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5269
x-amzn-requestid: e6460273-d038-41fa-9915-5f5762feecab
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A3QiUFqhIAMF5sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f92e0e-6c3baead0e2b8845557bf7e9;Sampled=0
x-amzn-remapped-date: Fri, 24 Feb 2023 21:37:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 07pNAHZlG7fP3dgG0eb-onMglfj9-wP2RAFShvr3b-MkOECPQZaSdA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 5c7981a979abd51ba7e5ca7d464fd048.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 21:40:19 GMT
age: 75321
etag: "a7b75438ba91b71e023e2e6e355563ac2635bf25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa41846-2966-47c9-ac1f-845e6507fe21.jpeg | 34.120.237.76 | 200 OK | 7.0 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa41846-2966-47c9-ac1f-845e6507fe21.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashd434142b05e07062707138da8999445e d4796a582b28b1afcb1d7c8d06d78664a62bc880 0baf0e2b4c5975bac7d8543156bdb412cb8a703a768c765a90eedb95fb8ab1ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbaa41846-2966-47c9-ac1f-845e6507fe21.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6979
x-amzn-requestid: 19ffbbf5-7950-405e-b558-43c6c011785c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Az9M7FrMIAMFzCg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7dbec-7c65361d479d30c129f9d1d0;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 21:34:36 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: uAlLA8M3mpkJ6q6lSztfNbhSpQu3pFgjZ53BjU-jkLAVX3DoTHH2vA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Feb 2023 00:10:20 GMT
age: 66320
etag: "d4796a582b28b1afcb1d7c8d06d78664a62bc880"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg | 34.120.237.76 | 200 OK | 9.1 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash2a5f3d376fe6a3a78a5d1fe136f962fb 3e9b03cc296e954d63526a4e7e75beea3130fc3b c8cf4f1c0352102764247e4dc5a2076921e0eaa18bfd110e5b0b97a55c706690
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97e8f2e-6da0-4f8b-b12c-1af676e3e4da.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9093
x-amzn-requestid: 3fd9f8c8-cf10-4222-a2cc-5f18ff7b2e9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Az9D3HqmoAMFeBQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7dbb2-352315613cc0c2bc7eb28e05;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 21:33:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: S8s54RJtScNtsl6uEFtBEHnTj4lb3l5xIWR96Kvr_SdwQQQMgSKNxA==
via: 1.1 23206a1c229d8877bdd053c4b05f9d12.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 21:34:57 GMT
age: 75643
etag: "3e9b03cc296e954d63526a4e7e75beea3130fc3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg | 34.120.237.76 | 200 OK | 2.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash07de4b2f670ddb3d7188529f2a663e32 6eb14318c585598c0ee9e7e5d694eb190f2cfbbc 6f6c649e01b654856df8a17db50787b7888dc063a4d68a337ce8bfad275bcadd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8705a5a8-62bf-44bc-8c05-31c8b6c31694.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2472
x-amzn-requestid: 8666c3f8-25a1-4204-8a9e-717f95bc6f60
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AqYMpF96IAMFRcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f4071d-3e4dce5a5b119a44096124ff;Sampled=0
x-amzn-remapped-date: Mon, 20 Feb 2023 23:49:49 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: s0lEI3Louq5N7FwRFgTmXEChzb0SHOvk2nSKDp_xIHeTuvxGL1CVwQ==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Feb 2023 18:00:26 GMT
age: 2114
etag: "6eb14318c585598c0ee9e7e5d694eb190f2cfbbc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c87908-10da-4c1e-98d5-7b8969dc1d8f.jpeg | 34.120.237.76 | 200 OK | 9.3 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c87908-10da-4c1e-98d5-7b8969dc1d8f.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hashc8a79c5116304a1077022d4e19d5f892 9c70a05af13a4b959aea1211aeceffaf022bb958 0ff1c048a91e61945398123124970d6b7309f48a688181274ab0365e87f13759
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3c87908-10da-4c1e-98d5-7b8969dc1d8f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9277
x-amzn-requestid: e261e234-b057-478e-89c2-beba806ca510
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A3QiTFWMoAMF18A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f92e0e-3a86e7a303be3ce619b876f8;Sampled=0
x-amzn-remapped-date: Fri, 24 Feb 2023 21:37:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: QWHYevVRVpj96ZeAjz14lg7uxt8X78VpVCOIrvGjldD7ON2EGVVcSg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 29a825d8a219984d47bec4350779b558.cloudfront.net (CloudFront), 1.1 google
date: Fri, 24 Feb 2023 23:10:45 GMT
age: 69895
etag: "9c70a05af13a4b959aea1211aeceffaf022bb958"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5651651c-e7cc-4a7b-ae8a-9fb1e88379d3.jpeg | 34.120.237.76 | 200 OK | 2.4 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5651651c-e7cc-4a7b-ae8a-9fb1e88379d3.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash94622f58aa91b60efcab072bbfc1b8fc 481c511819075f80bacc5cca0b50c3650b5789d1 767c220ed09fbb28216023785c3609993185463dea0fcdc6cb355d6d00acd6b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5651651c-e7cc-4a7b-ae8a-9fb1e88379d3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2433
x-amzn-requestid: 1eb77631-515a-41f7-ac18-59c8cd22c4ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ax_KCHgAoAMFu5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63f7123f-051da60474344e58658cc980;Sampled=0
x-amzn-remapped-date: Thu, 23 Feb 2023 07:14:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KStkU8id8VhC4s3kYYvxctpem7798i9K7jNQUVNahm_mycuGOaE72g==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 25 Feb 2023 07:44:04 GMT
age: 39096
etag: "481c511819075f80bacc5cca0b50c3650b5789d1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js | 216.58.211.10 | 200 OK | 30 kB |
URL HTTP/2ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js IP216.58.211.10:0
File typeASCII text, with very long lines (32065) Hash6d973c8b7e2439d958e09c0a1ab9fe50 05ae0830200c20b9a2dfd5a825adc400481a60fb f3c122dc227e829ed96b2a754296809201bd78abbad7ba50ef5079654e1cc894
GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://g.gvadz.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 19 Feb 2023 11:05:58 GMT
expires: Mon, 19 Feb 2024 11:05:58 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 545383
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/s/gts1p5/HIfCG7N_xkw | 142.250.74.131 | 200 OK | 471 B |
URL HTTP/1.1ocsp.pki.goog/s/gts1p5/HIfCG7N_xkw IP142.250.74.131:0
Hashb17cf1fbbd4abfc340ccf9bbf67f96e5 c8a41934241bcbc43eb853b24b3be9b50056728b 77d0e33f316ee3b803d2906d04db22a7bbd6465fdf24e14fa175823aea5370d6
POST /s/gts1p5/HIfCG7N_xkw HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:41 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hashf653e8acb79f055c19dc401757e14d06 5ff9216ff507fa3873c1736bf163ae1fa7e7750a 2cfdeeac4dcc65d7cc433b972e0bda8441517e40a1c95fb8ea327d215353eb22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CFDEEAC4DCC65D7CC433B972E0BDA8441517E40A1C95FB8EA327D215353EB22"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9838
Expires: Sat, 25 Feb 2023 21:19:39 GMT
Date: Sat, 25 Feb 2023 18:35:41 GMT
Connection: keep-alive
|
|
| boostknifehumidity.com/d3/18/fa/d318fa08f9d0af3f53ed4dad0b4564e8.js | 173.233.139.164 | 200 OK | 21 kB |
URL: HTTP/1.1 boostknifehumidity.com/d3/18/fa/d318fa08f9d0af3f53ed4dad0b4564e8.js IP: 173.233.139.164:0
File type: HTML document, ASCII text, with very long lines (60157), with no line terminators
Hash: MD5 ddf8bf48d42875a8717f8c33901ef8e2 | SHA-1 1f54feaadb4212fd8a6d87a119e0387fe3c13db5 | SHA-256 eb27744c5a5f322ddc80d445c757cdd6e010a44e037cacdb447d1fd51e69b203
Analyzer: quad9 | Verdict: Sinkholed | Alert: (none)
GET /d3/18/fa/d318fa08f9d0af3f53ed4dad0b4564e8.js HTTP/1.1
Host: boostknifehumidity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://g.gvadz.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 25 Feb 2023 18:35:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 162cd5ed4b0fba11361d57ff3980e8bc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash78036cbfbf847a980043d4919c4aa4e4 272abfc5ef200cdbeca49b027ccbc7d3a07dacad 86da26464f8e796128e43da5794e3f734bd1455409986cdac9a2e2359796736d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "86DA26464F8E796128E43DA5794E3F734BD1455409986CDAC9A2E2359796736D"
Last-Modified: Fri, 24 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17518
Expires: Sat, 25 Feb 2023 23:27:40 GMT
Date: Sat, 25 Feb 2023 18:35:42 GMT
Connection: keep-alive
|
|
| ocsp.r2m01.amazontrust.com/ | 143.204.48.16 | 200 OK | 471 B |
URL HTTP/1.1ocsp.r2m01.amazontrust.com/ IP143.204.48.16:0
Hash6c0354339d75164a602f22c1ebc09786 9bca89d4dc69ec32c39616ce0f35cad700e86f73 7867a140da5c3431d594635f2790cc283ac7a249be7caaaffe36fac7a48b9ef9
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=171971
Date: Sat, 25 Feb 2023 18:35:42 GMT
Etag: "63fa3d46-1d7"
Expires: Mon, 27 Feb 2023 18:21:53 GMT
Last-Modified: Sat, 25 Feb 2023 16:54:30 GMT
Server: ECS (nyb/1D22)
X-Cache: Miss from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: sUZCIBT1OTuYRTTAq5upW2Ug3JaoqUIJkLkGR9AsVHEbnr_yAb4z5w==
Age: 5243
|
|
| g.gvadz.click/player8/translations/ar.json | 104.21.47.62 | 200 OK | 1.8 kB |
URL HTTP/2g.gvadz.click/player8/translations/ar.json IP104.21.47.62:0
File typeJSON data\012- , Unicode text, UTF-8 text, with CRLF line terminators Hashf72d84dea64324187b699e4c73332838 22292f0380bb512997eb57b5e08bd33789007f42 47f3f1a6f99f1deaa1381997260dcc26b405ee2c207ad0e9611b3a7b94bea09a
GET /player8/translations/ar.json HTTP/1.1
Host: g.gvadz.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://g.gvadz.click/play/16772196
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:41 GMT
content-type: application/json
last-modified: Thu, 25 Feb 2021 00:45:08 GMT
etag: W/"6036f314-13b8"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dL5w06iKpp%2BVnLBPiu%2B7wEqY%2BvE3yXyBGtlST4Hd4mJQmQZ1FMtqTxM2Z42e4mpPnuyZBy7jQOouls6sKKiMJhRMzVoVXV9x93kROjm8ZUblj6xNzgi7QlN7MDCdx7hI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79f28acf2cb1b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.76.226 | 200 OK | 503 B |
IP23.36.76.226:0 ASN#20940 Akamai International B.V.
Hash4fc02d89e1c005722757c433855a81a2 e110140e81a20efc76ec36b8494560591ab1ffb0 729cc20ffa921a68bd64ac84398b87b7f40c1fbca56adea7d804e335b02911e2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "729CC20FFA921A68BD64AC84398B87B7F40C1FBCA56ADEA7D804E335B02911E2"
Last-Modified: Sat, 25 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4959
Expires: Sat, 25 Feb 2023 19:58:21 GMT
Date: Sat, 25 Feb 2023 18:35:42 GMT
Connection: keep-alive
|
|
| prosecutionsocktrap.com/pixel/purst?dl=0&th=0&sc=0&rs=3278&rd=3278&fd=836&bv=22.10.v.9&tmpl=70 | 192.243.59.13 | 200 OK | 0 B |
URL HTTP/1.1prosecutionsocktrap.com/pixel/purst?dl=0&th=0&sc=0&rs=3278&rd=3278&fd=836&bv=22.10.v.9&tmpl=70 IP192.243.59.13:0 ASN#39572 DataWeb Global Group B.V.
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel/purst?dl=0&th=0&sc=0&rs=3278&rd=3278&fd=836&bv=22.10.v.9&tmpl=70 HTTP/1.1
Host: prosecutionsocktrap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://g.gvadz.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 25 Feb 2023 18:35:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
|
|
| banquetunarmedgrater.com/advertisers.js | 192.243.59.13 | 200 OK | 0 B |
URL: HTTP/1.1 banquetunarmedgrater.com/advertisers.js IP: 192.243.59.13:0 ASN: #39572 DataWeb Global Group B.V.
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: quad9 | Verdict: Sinkholed | Alert: (none)
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://g.gvadz.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 25 Feb 2023 18:35:42 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b99eada21f01638d89c76ae8f825bbc8
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP142.250.74.131:0
Hashcd486f4ea33f4234aa9ef9b1a229845d 6eb70b1e0f9c5ea8c5ff9661f7569a4d8010c55a 48aaf83b4b1462a8736213a1072547d2c718010184e5a2195fbf7aabd87c81d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-74510604-1&cid=2060205009.1677350215&jid=400023658&gjid=1050216643&_gid=411341663.1677350215&_u=YEBAAUAAAAAAACAAIC~&z=1916724098 | 64.233.165.154 | 200 OK | 1 B |
URL HTTP/2stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-74510604-1&cid=2060205009.1677350215&jid=400023658&gjid=1050216643&_gid=411341663.1677350215&_u=YEBAAUAAAAAAACAAIC~&z=1916724098 IP64.233.165.154:0
File typevery short file (no magic) Hashc4ca4238a0b923820dcc509a6f75849b 356a192b7913b04c54574d18c28d46e6395428ab 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-74510604-1&cid=2060205009.1677350215&jid=400023658&gjid=1050216643&_gid=411341663.1677350215&_u=YEBAAUAAAAAAACAAIC~&z=1916724098 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://g.gvadz.click
Connection: keep-alive
Referer: https://g.gvadz.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://g.gvadz.click
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 25 Feb 2023 18:35:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP142.250.74.131:0
Hashcd486f4ea33f4234aa9ef9b1a229845d 6eb70b1e0f9c5ea8c5ff9661f7569a4d8010c55a 48aaf83b4b1462a8736213a1072547d2c718010184e5a2195fbf7aabd87c81d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 25 Feb 2023 18:35:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| g.gvadz.click/assets/css/play.css | 104.21.47.62 | 200 OK | 0 B |
URL HTTP/2g.gvadz.click/assets/css/play.css IP104.21.47.62:0
GET /assets/css/play.css HTTP/1.1
Host: g.gvadz.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://g.gvadz.click/play/16772196
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:41 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1493
etag: W/"5d66b2be-5d5"
last-modified: Wed, 28 Aug 2019 16:58:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3555
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cIUVZWq5%2BVHBWKp6M4U17RfYDu6PBGJ3Zfc7yjNakrLUc69ErXkZqfG7w4x7HkYghooXWOkpEtBhmE3E0jxFJMVg%2FKuVnEbSH7m8qa64FpUKZREJDTHuEmDMKaSf3tCD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f28ace6bcfb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ciimaclub.click/watch/%D9%85%D8%B3%D9%84%D8%B3%D9%84-the-last-of-us-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-6-%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9 | 172.67.200.187 | 200 OK | 0 B |
URL HTTP/2ciimaclub.click/watch/%D9%85%D8%B3%D9%84%D8%B3%D9%84-the-last-of-us-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-6-%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9 IP172.67.200.187:0
GET /watch/%D9%85%D8%B3%D9%84%D8%B3%D9%84-the-last-of-us-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-6-%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9 HTTP/1.1
Host: ciimaclub.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:38 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6IjJQZms0OW1iXC9GeXJ0bGVMM1wvMVwvRkE9PSIsInZhbHVlIjoid212clJ3TlJqV29vTEJtMTdRcWRoVGZ2UmhESytpYUpsWkNEc2JzTGFRMTdQN2JCYWNIU3Izbjd2eDV3ajhDVSIsIm1hYyI6IjkyOTQyMzBhYTc2ZDg4ZThmMjE0NWE4NDY2YjFhYmVmNGZmMmYzZjJiZjg5OTRhYTEyYzE4MDRhYzc2ZTJjNDkifQ%3D%3D; expires=Sun, 26-Feb-2023 04:35:34 GMT; Max-Age=36000; path=/
set-cookie: cimaclub_session=eyJpdiI6IjFDK2xzN0piRVVUNzJCMDVXdzNcL3NnPT0iLCJ2YWx1ZSI6IjlnSnZjXC9RRmpBbDVPRXFiVGgyXC9OMkh3OUU2SExDUEZtWmxPQ2h2TnBXMWdmZkZsd0Y3dzhvREFSaERkNWpvdSIsIm1hYyI6ImRiZGRjM2JkNTI3Yzc0YThkODQzNDUyNmMzNDRlMmVmMjA5YWYwZWRlZTlmYTI1NzgzNzMzMGJkM2E3ZDlkMDkifQ%3D%3D; expires=Sun, 26-Feb-2023 04:35:34 GMT; Max-Age=36000; path=/; httponly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zppieWJ%2Fw815EkafWa1KqrZ%2FlyoF4E0pKj2wq7CGSAbcIcKJPaFZODsluWvKv8BoDEKFF9RPGppcV67h3h4l8bOjC7ogDKpzv7AmnWsxBoB%2Blo%2Bvy2nxvCRpjJGcfSMhlLA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79f28abc9c4fb51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Changa:200,300,400,500,600,700,800&display=swap&subset=arabic | 142.250.74.106 | 200 OK | 0 B |
URL HTTP/2fonts.googleapis.com/css?family=Changa:200,300,400,500,600,700,800&display=swap&subset=arabic IP142.250.74.106:0
GET /css?family=Changa:200,300,400,500,600,700,800&display=swap&subset=arabic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ciimaclub.click/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Feb 2023 18:35:38 GMT
date: Sat, 25 Feb 2023 18:35:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| g.gvadz.click/player8/provider.hlsjs.js | 104.21.47.62 | 200 OK | 0 B |
URL HTTP/2g.gvadz.click/player8/provider.hlsjs.js IP104.21.47.62:0
GET /player8/provider.hlsjs.js HTTP/1.1
Host: g.gvadz.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://g.gvadz.click/play/16772196
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:41 GMT
content-type: application/javascript; charset=utf-8
cf-bgj: minify
etag: W/"6236d230-4c4a3"
last-modified: Sun, 20 Mar 2022 07:05:20 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1601
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lfngItOx4BiKwT0uBgNhfObIl%2FWMn9rDFSopMXBh83YHkuumFKpAecodKbav4mBFc9yGwN1jnKNZxTvkahCVnZU81uBrfzH8CLTd43iW0EO5q1nZjOfbHFQqlTF8cCNT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f28acf3cbbb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ciimaclub.click/themes/CimaClub/js/jquery-3.3.1.min.js?v=1.1.7 | 172.67.200.187 | 200 OK | 0 B |
URL HTTP/2ciimaclub.click/themes/CimaClub/js/jquery-3.3.1.min.js?v=1.1.7 IP172.67.200.187:0
GET /themes/CimaClub/js/jquery-3.3.1.min.js?v=1.1.7 HTTP/1.1
Host: ciimaclub.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ciimaclub.click/watch/%D9%85%D8%B3%D9%84%D8%B3%D9%84-the-last-of-us-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-6-%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9
Cookie: XSRF-TOKEN=eyJpdiI6IjJQZms0OW1iXC9GeXJ0bGVMM1wvMVwvRkE9PSIsInZhbHVlIjoid212clJ3TlJqV29vTEJtMTdRcWRoVGZ2UmhESytpYUpsWkNEc2JzTGFRMTdQN2JCYWNIU3Izbjd2eDV3ajhDVSIsIm1hYyI6IjkyOTQyMzBhYTc2ZDg4ZThmMjE0NWE4NDY2YjFhYmVmNGZmMmYzZjJiZjg5OTRhYTEyYzE4MDRhYzc2ZTJjNDkifQ%3D%3D; cimaclub_session=eyJpdiI6IjFDK2xzN0piRVVUNzJCMDVXdzNcL3NnPT0iLCJ2YWx1ZSI6IjlnSnZjXC9RRmpBbDVPRXFiVGgyXC9OMkh3OUU2SExDUEZtWmxPQ2h2TnBXMWdmZkZsd0Y3dzhvREFSaERkNWpvdSIsIm1hYyI6ImRiZGRjM2JkNTI3Yzc0YThkODQzNDUyNmMzNDRlMmVmMjA5YWYwZWRlZTlmYTI1NzgzNzMzMGJkM2E3ZDlkMDkifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:38 GMT
content-type: application/javascript
last-modified: Sat, 06 Apr 2019 20:23:56 GMT
etag: W/"5ca90adc-15339"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2743
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Ocune%2FXUwzrhWbpcMCTozeXLESC8bFxe%2FmHLafLaankQ4j3lVMFK3am1x737fRjiXenGk22nmoVeq1KdCD9Tr9nnpIKx5EoeLoK3v2Z5TdxZvsf%2FyzzXyKJ%2B3QEE8%2B9Slk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f28abdbde2b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| g.gvadz.click/player8/govid7.css | 104.21.47.62 | 200 OK | 0 B |
URL HTTP/2 g.gvadz.click/player8/govid7.css IP 104.21.47.62:0
GET /player8/govid7.css HTTP/1.1
Host: g.gvadz.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://g.gvadz.click/play/16772196
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:41 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=5148
etag: W/"6236cf62-141c"
last-modified: Sun, 20 Mar 2022 06:53:22 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5614
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ntrwqQy6y1HKxY%2BZcED7%2Bkqlacy1K7Whli6zyz%2FxDt0uOD1%2B3y88LZE8gDhRBHZrVHHmYSxw%2BJ33TYSOdaiJSLzRMFTnOXYG447pEewBUebar86WZYYUo3IAHr%2FmGQuu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f28ace6bc5b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| g.gvadz.click/player8/jwplayer.js | 104.21.47.62 | 200 OK | 0 B |
URL HTTP/2 g.gvadz.click/player8/jwplayer.js IP 104.21.47.62:0
GET /player8/jwplayer.js HTTP/1.1
Host: g.gvadz.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://g.gvadz.click/play/16772196
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:41 GMT
content-type: application/javascript; charset=utf-8
cf-bgj: minify
etag: W/"6236d1e8-18a86"
last-modified: Sun, 20 Mar 2022 07:04:08 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3555
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZkWlNznK8VSczfGIccqKmKqemXymMWyvuTLwjbZb886ByfnAgd9DTSVtLUldClMtxnuZa%2BbxemMGuJNC9INjIvBjfr1ASJI8Rb4hYpjyoOI2FsSJkkRCM3nthXSo4Ref"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f28ace6bcab529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ciimaclub.click/themes/CimaClub/js/tornado.min.js?v=1.2.2 | 172.67.200.187 | 200 OK | 0 B |
URL HTTP/2 ciimaclub.click/themes/CimaClub/js/tornado.min.js?v=1.2.2 IP 172.67.200.187:0
GET /themes/CimaClub/js/tornado.min.js?v=1.2.2 HTTP/1.1
Host: ciimaclub.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ciimaclub.click/watch/%D9%85%D8%B3%D9%84%D8%B3%D9%84-the-last-of-us-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-6-%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9
Cookie: XSRF-TOKEN=eyJpdiI6IjJQZms0OW1iXC9GeXJ0bGVMM1wvMVwvRkE9PSIsInZhbHVlIjoid212clJ3TlJqV29vTEJtMTdRcWRoVGZ2UmhESytpYUpsWkNEc2JzTGFRMTdQN2JCYWNIU3Izbjd2eDV3ajhDVSIsIm1hYyI6IjkyOTQyMzBhYTc2ZDg4ZThmMjE0NWE4NDY2YjFhYmVmNGZmMmYzZjJiZjg5OTRhYTEyYzE4MDRhYzc2ZTJjNDkifQ%3D%3D; cimaclub_session=eyJpdiI6IjFDK2xzN0piRVVUNzJCMDVXdzNcL3NnPT0iLCJ2YWx1ZSI6IjlnSnZjXC9RRmpBbDVPRXFiVGgyXC9OMkh3OUU2SExDUEZtWmxPQ2h2TnBXMWdmZkZsd0Y3dzhvREFSaERkNWpvdSIsIm1hYyI6ImRiZGRjM2JkNTI3Yzc0YThkODQzNDUyNmMzNDRlMmVmMjA5YWYwZWRlZTlmYTI1NzgzNzMzMGJkM2E3ZDlkMDkifQ%3D%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:38 GMT
content-type: application/javascript
last-modified: Tue, 17 Nov 2020 22:32:29 GMT
etag: W/"5fb44f7d-2e9b9"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2739
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B3q9fdBCR%2FW3N0uCD9D%2FcJcGgiulSLqTFL089Wi1vhEEd1f7ui80zsiaHSvSuOaPh83OKXDuSyXMumgducY9yXSAe3PKu1eaPlpj9V6Mm6DGy8JzlSmert0P1Z2g82JIz24%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f28abdbde3b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| g.gvadz.click/play/16772196 | 104.21.47.62 | 200 OK | 0 B |
URL HTTP/2 g.gvadz.click/play/16772196 IP 104.21.47.62:0
GET /play/16772196 HTTP/1.1
Host: g.gvadz.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ciimaclub.click/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:41 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6Im5POXhKOVMycVRETG5CaERWV3FTZ3c9PSIsInZhbHVlIjoiblBwXC9OMlwvTStHRjJ0YTQ0OVp5WjZyQUh4eEc1NUJFazNZcUpyVWs3R1p1XC9NOFk3R05MUXdvajB0SERWeStxRyIsIm1hYyI6IjlhNGQ5ZTNhMmMzODE5YTAyMWFjMDE2NTM3OTQwMjkzNmM0MzNhYWE4MmViODI5MjNmMmYyMjhlYjg0YmI3ZmQifQ%3D%3D; expires=Sat, 25-Feb-2023 20:35:41 GMT; Max-Age=7200; path=/
set-cookie: streamwhale_session=eyJpdiI6IkhxUG1sS0pjU1VobUQ5XC9pT3JCWnRRPT0iLCJ2YWx1ZSI6ImZDTmNxek1JNnZybzlCaytsQ3Rrc1JJUHcyUG9cLzA1SU9QUDAzcUIxNXg2WFlEQis2aEdvYmxQRCtvTktBZzc1IiwibWFjIjoiMzRkNzEwNmJlNWQ4YzEyODkzM2ZhZjhmNjc4NWIzZDM0ZmNiNDQyMjBkNTU0MGQ2MGJkMzg2Y2I5ZDlmNGEzMCJ9; expires=Sat, 25-Feb-2023 20:35:41 GMT; Max-Age=7200; path=/; httponly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jUXH2NXm1NaIDqfktlOxVd0JB98oO7G8VEVaIy0HkrO3T0%2FoD0DxdkXLOEj3W9iQZr3GoSky6iBrBCQKkvXl5cWF%2FSkJY7U3DoBes3BIEjLfDIikzbdbGeIv25meYTT9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79f28ac19a1db529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ciimaclub.click/themes/CimaClub/css/ionicons.min.css | 172.67.200.187 | 200 OK | 0 B |
URL HTTP/2 ciimaclub.click/themes/CimaClub/css/ionicons.min.css IP 172.67.200.187:0
GET /themes/CimaClub/css/ionicons.min.css HTTP/1.1
Host: ciimaclub.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ciimaclub.click/watch/%D9%85%D8%B3%D9%84%D8%B3%D9%84-the-last-of-us-%D8%A7%D9%84%D9%85%D9%88%D8%B3%D9%85-%D8%A7%D9%84%D8%A7%D9%88%D9%84-%D8%A7%D9%84%D8%AD%D9%84%D9%82%D8%A9-6-%D8%A7%D9%84%D8%B3%D8%A7%D8%AF%D8%B3%D8%A9
Cookie: XSRF-TOKEN=eyJpdiI6IjJQZms0OW1iXC9GeXJ0bGVMM1wvMVwvRkE9PSIsInZhbHVlIjoid212clJ3TlJqV29vTEJtMTdRcWRoVGZ2UmhESytpYUpsWkNEc2JzTGFRMTdQN2JCYWNIU3Izbjd2eDV3ajhDVSIsIm1hYyI6IjkyOTQyMzBhYTc2ZDg4ZThmMjE0NWE4NDY2YjFhYmVmNGZmMmYzZjJiZjg5OTRhYTEyYzE4MDRhYzc2ZTJjNDkifQ%3D%3D; cimaclub_session=eyJpdiI6IjFDK2xzN0piRVVUNzJCMDVXdzNcL3NnPT0iLCJ2YWx1ZSI6IjlnSnZjXC9RRmpBbDVPRXFiVGgyXC9OMkh3OUU2SExDUEZtWmxPQ2h2TnBXMWdmZkZsd0Y3dzhvREFSaERkNWpvdSIsIm1hYyI6ImRiZGRjM2JkNTI3Yzc0YThkODQzNDUyNmMzNDRlMmVmMjA5YWYwZWRlZTlmYTI1NzgzNzMzMGJkM2E3ZDlkMDkifQ%3D%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 25 Feb 2023 18:35:38 GMT
content-type: text/css
last-modified: Wed, 14 Oct 2020 02:09:39 GMT
etag: W/"5f865de3-aea2"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 7122
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FYHX04BsAUadgow0KM07k5GTy2%2BDgr1Za8TrsM%2FYfBMNMZQ07GzHXqhRLkr2%2FPnWrWFQjQ48upq7a7x99ZIYmrUSkwYQR5EAOvW5C%2FjRjvYctz3tom9XiJZ1ohymmcQ33PU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79f28abdadc2b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| intorterraon.com/5/4041149/?oo=1&aab=1 | 139.45.197.239 | 200 OK | 0 B |
URL HTTP/2 intorterraon.com/5/4041149/?oo=1&aab=1 IP 139.45.197.239:0
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /5/4041149/?oo=1&aab=1 HTTP/1.1
Host: intorterraon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ciimaclub.click
Connection: keep-alive
Referer: https://ciimaclub.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 25 Feb 2023 18:35:39 GMT
content-type: application/json
x-trace-id: 4e276a88bbb9f5b75d210cd222fcb23f
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://ciimaclub.click
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=90d73ced6e344f669cc3130510820004; expires=Sun, 25 Feb 2024 18:35:39 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1677350139; expires=Sun, 25 Feb 2024 18:35:39 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Tajawal:500,800&subset=arabic | 142.250.74.106 | 200 OK | 0 B |
URL HTTP/2 fonts.googleapis.com/css?family=Tajawal:500,800&subset=arabic IP 142.250.74.106:0
GET /css?family=Tajawal:500,800&subset=arabic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ciimaclub.click/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 25 Feb 2023 18:35:38 GMT
date: Sat, 25 Feb 2023 18:35:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|