r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17793
Expires: Sat, 28 Jan 2023 12:20:56 GMT
Date: Sat, 28 Jan 2023 07:24:23 GMT
Connection: keep-alive
cdn.mds.com.cy/
64.207.145.68301 Moved Permanently 162 B IP 64.207.145.68:0
ASN #398110 GO-DADDY-COM-LLC
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: cdn.mds.com.cy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 28 Jan 2023 07:24:23 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://cdn.mds.com.cy/
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14671
Expires: Sat, 28 Jan 2023 11:28:54 GMT
Date: Sat, 28 Jan 2023 07:24:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 06:35:29 GMT
content-type: application/json
age: 2934
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13025
Expires: Sat, 28 Jan 2023 11:01:28 GMT
Date: Sat, 28 Jan 2023 07:24:23 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 6aYQ61Y9Vvw5aq4lI9jh80ctdnhEXSat5t+9hXdjwJAo7xj5zpbykSLGUhzmB8nQ/T+utQaLzp0=
x-amz-request-id: GTZN8016G6EZ14G2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 07:20:53 GMT
age: 210
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:24:23 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1fae83d097ec9d54002f31a48b551152
8d91cbd1b0efdb0f76d519bb7c64e95dc2fe25db
45b3247577182078147978437e0ba77faf8b1334def05b0e2c17c224bc9697bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "45B3247577182078147978437E0BA77FAF8B1334DEF05B0E2C17C224BC9697BD"
Last-Modified: Thu, 26 Jan 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21593
Expires: Sat, 28 Jan 2023 13:24:16 GMT
Date: Sat, 28 Jan 2023 07:24:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 06:41:40 GMT
age: 2563
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15522
Expires: Sat, 28 Jan 2023 11:43:06 GMT
Date: Sat, 28 Jan 2023 07:24:24 GMT
Connection: keep-alive
push.services.mozilla.com/
35.162.98.11101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.98.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 720yByk1jszQCEyyfRxWuQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VIn34txqrz89Kewn9+soDv3c9Q8=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 11ac054380663487aac4d7ac75ed5187
21a7880537399554f17a01f090c3c5fe210eab76
abf9c05d5cea882b0a0c6f5a98680b1f28e9ddaa92da5afc7b6bbfc68e7909e6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ABF9C05D5CEA882B0A0C6F5A98680B1F28E9DDAA92DA5AFC7B6BBFC68E7909E6"
Last-Modified: Thu, 26 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21566
Expires: Sat, 28 Jan 2023 13:23:50 GMT
Date: Sat, 28 Jan 2023 07:24:24 GMT
Connection: keep-alive
xx-yz.xyz/hKj0r2
190.115.26.9302 Found 0 B IP 190.115.26.9:0
ASN #262254 DDOS-GUARD CORP.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /hKj0r2 HTTP/1.1
Host: xx-yz.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.mds.com.cy/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=nj8HxpLu4VIajRniXwPR; Domain=.xx-yz.xyz; HttpOnly; Path=/; Expires=Sun, 28-Jan-2024 07:24:24 GMT
date: Sat, 28 Jan 2023 07:24:24 GMT
location: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwicr7n14Oj8AhXhRaQEHST_AkMQFnoECBMQAQ&url=https%3A%2F%2Fen.elbwaba.com%2F27%2Fare-crypto-trading-bots-legit&usg=AOvVaw1ZmfDiOCYhOg5QIzFqlUj5
content-length: 0
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:24:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 622311873d3819b9911301b09bc2d43c
9f08d648e40479aa12da033da15b80a15017c739
6138674cec17da8b7bb02bf0686bf3e7aefa2bce6a5f844ebd80e10b665818b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:24:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/G3g8eVSbU0Q
216.58.211.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/G3g8eVSbU0Q
IP 216.58.211.3:0
Hash c18ad127f7edefbdacee6c332ddff048
59f4b1f44fa92090a09ba5546b9c0070ca68ec11
f013dfe95d18d9e9be08e752937b7131cfa9814c8ce8522a2eac68640f5d2752
POST /s/gts1p5/G3g8eVSbU0Q HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:24:25 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
en.elbwaba.com/qa-theme/SnowFlat/qa-styles.css?1.8.6
172.67.141.177200 OK 16 kB URL HTTP/2 en.elbwaba.com/qa-theme/SnowFlat/qa-styles.css?1.8.6
IP 172.67.141.177:0
File type ASCII text, with CRLF line terminators
Hash e62f7351790ebcdf58143ef77fefca32
a9bc6b79748331e13967f4dbc4f91c6637b04746
af2032cb41ed795fb51061e9330c9fe33fef4613f4443b80e77e2865958b9564
Analyzer Verdict Alert fortinet Malware
GET /qa-theme/SnowFlat/qa-styles.css?1.8.6 HTTP/1.1
Host: en.elbwaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.elbwaba.com/27/are-crypto-trading-bots-legit
Cookie: PHPSESSID=4b91a0a895c2a464d787000152e5dcd4; qa_key=4dn6iks51orrsboccxj6drk0at9o3kk6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:24:25 GMT
content-type: text/css
last-modified: Wed, 21 Apr 2021 04:04:58 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5318
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M55i92tV%2F3JpGU%2BxlbVTemhxRDIQM2trAwq8XqHvAaeQry5y6xabNuyt988w61Dd5NYrujP5b8NUuweCQs1npOwTLrkAWUo2PMtc4wjbudxHZdYnl%2BT4wGEcfcA0pNIv7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907fd01b8951c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
en.elbwaba.com/qa-theme/SnowFlat/js/snow-core.js?1.8.6
172.67.141.177200 OK 2.8 kB URL HTTP/2 en.elbwaba.com/qa-theme/SnowFlat/js/snow-core.js?1.8.6
IP 172.67.141.177:0
File type ASCII text, with CRLF line terminators
Hash a6e193c2f33ce779e5295fdcad72df5e
7bc9e4f95cfefc6f72ca6d9012df13bfec9550e8
a34be562c307998e72ff1b8b66854b6131730dea203ce6118ff0afecdbc0604b
Analyzer Verdict Alert fortinet Malware
GET /qa-theme/SnowFlat/js/snow-core.js?1.8.6 HTTP/1.1
Host: en.elbwaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.elbwaba.com/27/are-crypto-trading-bots-legit
Cookie: PHPSESSID=4b91a0a895c2a464d787000152e5dcd4; qa_key=4dn6iks51orrsboccxj6drk0at9o3kk6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:24:25 GMT
content-type: application/javascript
last-modified: Wed, 21 Apr 2021 04:04:58 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5318
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XSHUreseeDZIVWGxrfHvlh%2F1JFumSVP434i9vgg7CZ7FzuHw4bfBOim23Eaz4FIlGGVnCmw8hCCqTLEiBbowYUnzYervB1UTZLTDxrTAun%2BXkZCPIOIHKUHDNIJKl%2BrsXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907fd01c8a01c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
en.elbwaba.com/qa-content/qa-global.js?1.8.6
172.67.141.177200 OK 6.7 kB URL HTTP/2 en.elbwaba.com/qa-content/qa-global.js?1.8.6
IP 172.67.141.177:0
File type ASCII text, with CRLF line terminators
Hash 0549e72a2f457cc63cfe1fad351f47eb
a7da67b69d318c8b35aac23f2f0a3020eb37c0d4
41fa7cef0c0ed935d468614e599564224c2178727d9ea0ceb82b7feed6766f1f
GET /qa-content/qa-global.js?1.8.6 HTTP/1.1
Host: en.elbwaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.elbwaba.com/27/are-crypto-trading-bots-legit
Cookie: PHPSESSID=4b91a0a895c2a464d787000152e5dcd4; qa_key=4dn6iks51orrsboccxj6drk0at9o3kk6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:24:25 GMT
content-type: application/javascript
last-modified: Wed, 21 Apr 2021 04:04:56 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5318
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eqCAE6FmWKu%2Fy5xaWHqiC9Gw0VxWogRemUdOuCto5z51RdymnWGxKyQkBcuAyXmpHKZsH5Mwh9ZH47Z0XLtRM8EbHWN%2B3e1t2PUXsquZaF73BSvjPJYLU25ztJb3ZH0Wrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907fd01b89c1c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
en.elbwaba.com/qa-theme/SnowFlat/images/icons/link-white.png
172.67.141.177200 OK 3.0 kB URL HTTP/2 en.elbwaba.com/qa-theme/SnowFlat/images/icons/link-white.png
IP 172.67.141.177:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 32b0cfc9698f8d73d65b30a33ef49115
d0018f65b9626b0686987d4e8f1d633fb17af607
dc0267e17f3bd3a2977910d47c34855d4c282e97502e6e1b0d3eb44b8b231405
GET /qa-theme/SnowFlat/images/icons/link-white.png HTTP/1.1
Host: en.elbwaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.elbwaba.com/qa-theme/SnowFlat/qa-styles.css?1.8.6
Cookie: PHPSESSID=4b91a0a895c2a464d787000152e5dcd4; qa_key=4dn6iks51orrsboccxj6drk0at9o3kk6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:24:25 GMT
content-type: image/png
content-length: 3026
last-modified: Tue, 15 Jan 2019 06:08:24 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5318
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IwcYFdWThS3I%2BNn3dnDA31OG7UV0yHYrtA4oT6fWG3s61WEL4ayb1jgAYe1%2BbRmd%2BS4slHlPJbZ%2BRMTBNNoXIiTN%2FkgxjoyfNsKvJZSlQaS3V%2F0iJIuiKoTL1fSFxQuFqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907fd02290c1c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
en.elbwaba.com/qa-theme/SnowFlat/images/icons/comment-white.png
172.67.141.177200 OK 2.9 kB URL HTTP/2 en.elbwaba.com/qa-theme/SnowFlat/images/icons/comment-white.png
IP 172.67.141.177:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 361d948a77bf3ebca57885dd5601181a
9f3175cc1d11587285befee18dcdb1262d9b6f64
eb69d9e0cb830e3add604e60faf8f784835e5f1ba28bb38850ba19784f30911d
GET /qa-theme/SnowFlat/images/icons/comment-white.png HTTP/1.1
Host: en.elbwaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.elbwaba.com/qa-theme/SnowFlat/qa-styles.css?1.8.6
Cookie: PHPSESSID=4b91a0a895c2a464d787000152e5dcd4; qa_key=4dn6iks51orrsboccxj6drk0at9o3kk6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:24:25 GMT
content-type: image/png
content-length: 2906
last-modified: Tue, 15 Jan 2019 06:08:24 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5318
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2O%2FHgiOc6TTx30gwNn40G2yLpJseebD7drFMAUqxIZXVUjV4pQeVEQNEfC4Elx4QGIyhEYH7Fn4%2BdE%2FKa3k3amzsEd95bQqgGf3nwJlRg3ep7t9xeaHxER4BiEBV%2FyIbyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907fd02290f1c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
en.elbwaba.com/qa-theme/SnowFlat/images/spinner-icon-14x14.gif?1410117644
172.67.141.177200 OK 7.8 kB URL HTTP/2 en.elbwaba.com/qa-theme/SnowFlat/images/spinner-icon-14x14.gif?1410117644
IP 172.67.141.177:0
File type GIF image data, version 89a, 14 x 14\012- data
Hash baa90f5e1a366d64a56c6bdc20463880
a5fc4c07afc4c856ff09a4ed6cee0a26487946a9
07a75636966b34dd8bbafee0ebced659b03bab0e57641e1fa035ca7da0bd39ce
GET /qa-theme/SnowFlat/images/spinner-icon-14x14.gif?1410117644 HTTP/1.1
Host: en.elbwaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.elbwaba.com/qa-theme/SnowFlat/qa-styles.css?1.8.6
Cookie: PHPSESSID=4b91a0a895c2a464d787000152e5dcd4; qa_key=4dn6iks51orrsboccxj6drk0at9o3kk6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:24:25 GMT
content-type: image/gif
content-length: 7781
last-modified: Tue, 15 Jan 2019 06:08:24 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5318
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fE%2FRKkZEWVxX84oRq8GJrq7RoCo5KCcQ1ojeOPzlUnTazR9EIVla3qnMrQeRZ%2F0syyx2STjxN3S%2FlfIFGbqqA0b4CZl5iCyQ4H%2BuqK5Nikji8IckO3%2Bh7NyWn67wcu99%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907fd0239131c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
en.elbwaba.com/qa-theme/SnowFlat/fonts/fontello.woff?70015067
172.67.141.177200 OK 7.2 kB URL HTTP/2 en.elbwaba.com/qa-theme/SnowFlat/fonts/fontello.woff?70015067
IP 172.67.141.177:0
File type Web Open Font Format, TrueType, length 7200, version 1.0\012- data
Hash 032102e77ed40c63761279956b30f59f
b40bfc143f60a96b35a760a73f18dd3934eebc08
c7aca9ebef12465aad206aae5351ba575eebe4b5e3f0fb1d99f4f92f1c4f396d
Analyzer Verdict Alert fortinet Malware
GET /qa-theme/SnowFlat/fonts/fontello.woff?70015067 HTTP/1.1
Host: en.elbwaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://en.elbwaba.com/qa-theme/SnowFlat/qa-styles.css?1.8.6
Cookie: PHPSESSID=4b91a0a895c2a464d787000152e5dcd4; qa_key=4dn6iks51orrsboccxj6drk0at9o3kk6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:24:25 GMT
content-type: font/woff
content-length: 7200
last-modified: Tue, 26 Jul 2016 07:31:58 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5318
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GPD2uwrU9GAYOV%2Btod1HQw6FRYy2jAX1J%2BvzwGdPn%2BFC1blxTVSS024%2BsoZVGcHzz6%2FPwO0wuSNPadNoENJ1KcN4ihVJ5bgnaU9nYlY4kQQA7bvpY8%2Fy0%2FzZEaaBYyD%2Baw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907fd0249241c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
en.elbwaba.com/qa-theme/SnowFlat/fonts/ubuntu-regular.woff2
172.67.141.177200 OK 22 kB URL HTTP/2 en.elbwaba.com/qa-theme/SnowFlat/fonts/ubuntu-regular.woff2
IP 172.67.141.177:0
File type Web Open Font Format (Version 2), TrueType, length 22388, version 1.0\012- data
Hash 15b31ac9865cf59ee66305ceae84eeca
a7dc7a8504e47449000ea52f24ec10b34526b60c
02e4551debbf743ff34d013ba7b0a5440fa88958b9c406105a55612721cba16c
Analyzer Verdict Alert fortinet Malware
GET /qa-theme/SnowFlat/fonts/ubuntu-regular.woff2 HTTP/1.1
Host: en.elbwaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://en.elbwaba.com/27/are-crypto-trading-bots-legit
Cookie: PHPSESSID=4b91a0a895c2a464d787000152e5dcd4; qa_key=4dn6iks51orrsboccxj6drk0at9o3kk6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:24:25 GMT
content-type: font/woff2
content-length: 22388
last-modified: Tue, 15 Jan 2019 06:08:24 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5318
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fdx%2FOn0HMx2WIdDoR7tl059BoebVcBzTYpI4RRRmSMPGhZRgg1ZzXfVxDSjI2A46v31fTxRP81oDabAxtp9agXAVAjthXDvyDXPl1HHCOSTktCgU661bAddI8xMjT%2BTvJg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907fd0249211c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
en.elbwaba.com/qa-theme/SnowFlat/fonts/ubuntu-italic.woff2
172.67.141.177200 OK 25 kB URL HTTP/2 en.elbwaba.com/qa-theme/SnowFlat/fonts/ubuntu-italic.woff2
IP 172.67.141.177:0
File type Web Open Font Format (Version 2), TrueType, length 24808, version 1.0\012- data
Hash 5d7f3d1466e3a11a8b8efc09ff61cf2e
f5a1612b04cc49ebad65192db33a7cc498ef2409
1f1c7364ef5f163cddba63301931db5e1eff87ecc1cd2e9704c10c6f92417b54
Analyzer Verdict Alert fortinet Malware
GET /qa-theme/SnowFlat/fonts/ubuntu-italic.woff2 HTTP/1.1
Host: en.elbwaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://en.elbwaba.com/27/are-crypto-trading-bots-legit
Cookie: PHPSESSID=4b91a0a895c2a464d787000152e5dcd4; qa_key=4dn6iks51orrsboccxj6drk0at9o3kk6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:24:25 GMT
content-type: font/woff2
content-length: 24808
last-modified: Tue, 15 Jan 2019 06:08:24 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5318
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qXePQOkRA8ECv87Qq%2BsDsq1%2FyZwm4FZn9BU6WRqbnej2OpSwTAujtTeKZ1WNFI1t8rnmGi%2Bo7yRotM6Fm3PtutedcZnpe8H0MjRT0jQ7106xVgTHPbMhnW79Lg1D%2BjXlNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907fd0269481c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
en.elbwaba.com/qa-theme/SnowFlat/fonts/ubuntu-bold.woff2
172.67.141.177200 OK 23 kB URL HTTP/2 en.elbwaba.com/qa-theme/SnowFlat/fonts/ubuntu-bold.woff2
IP 172.67.141.177:0
File type Web Open Font Format (Version 2), TrueType, length 22800, version 0.-11076\012- data
Hash 599ac1c7e3993595927b6610aced3f00
12b786d7422dbf88ad4fd730d6925782dee3027b
0c520384d05689f51e9846895c1f3572c39bc954504d2eed090432c4b08d6d3f
Analyzer Verdict Alert fortinet Malware
GET /qa-theme/SnowFlat/fonts/ubuntu-bold.woff2 HTTP/1.1
Host: en.elbwaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://en.elbwaba.com/27/are-crypto-trading-bots-legit
Cookie: PHPSESSID=4b91a0a895c2a464d787000152e5dcd4; qa_key=4dn6iks51orrsboccxj6drk0at9o3kk6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:24:25 GMT
content-type: font/woff2
content-length: 22800
last-modified: Tue, 15 Jan 2019 06:08:24 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5318
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pMMrVnKDUvtUPuXj5NbcItWiBwpiDK4%2BWiaUi5yQMgLrB9IsB8EqYUwH9QyE%2BrOxPnHQwDEGqe0TEChdkrq2pyA2yVHw2ywADqt%2FBG5bpz9%2BAwt4CRplRPMVDNxAmuqGiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907fd0279491c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/G3g8eVSbU0Q
216.58.211.3200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/G3g8eVSbU0Q
IP 216.58.211.3:0
Hash c18ad127f7edefbdacee6c332ddff048
59f4b1f44fa92090a09ba5546b9c0070ca68ec11
f013dfe95d18d9e9be08e752937b7131cfa9814c8ce8522a2eac68640f5d2752
POST /s/gts1p5/G3g8eVSbU0Q HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:24:25 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
en.elbwaba.com/qa-theme/SnowFlat/images/search-icon-white.png
172.67.141.177200 OK 1.4 kB URL HTTP/2 en.elbwaba.com/qa-theme/SnowFlat/images/search-icon-white.png
IP 172.67.141.177:0
File type PNG image data, 36 x 36, 8-bit/color RGBA, interlaced\012- data
Hash d7bb9c767a3d489bb312bf0edec2bd62
74d64044c075c6f1055b87bfbadb6311e5d702b7
075c15c5e5b127cfd89b352a4f8e8d615d0abcc80977022ba45ad2032d26f535
GET /qa-theme/SnowFlat/images/search-icon-white.png HTTP/1.1
Host: en.elbwaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.elbwaba.com/qa-theme/SnowFlat/qa-styles.css?1.8.6
Cookie: PHPSESSID=4b91a0a895c2a464d787000152e5dcd4; qa_key=4dn6iks51orrsboccxj6drk0at9o3kk6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:24:25 GMT
content-type: image/png
content-length: 1412
last-modified: Tue, 15 Jan 2019 06:08:24 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8PcwP3aHCSWsHg9xdky4xroH2Lzn50%2F6Pa28OZY3c%2FL5BaW1P0qMD4tDWZ%2B2i81dsp3gJ%2FL%2F9IBxR%2B8TpmHlu7b%2B%2FYYPszknRcRDOrdSHL%2F7z4fuhaCD54y2d3ku%2F5a5Gw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907fd0229101c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.passionateinmarketing.com/wp-content/uploads/2021/09/Pros-and-Cons-Different-Roles-of-Crypto-Trading-Bots.jpg
104.21.51.175200 OK 63 kB URL HTTP/2 www.passionateinmarketing.com/wp-content/uploads/2021/09/Pros-and-Cons-Different-Roles-of-Crypto-Trading-Bots.jpg
IP 104.21.51.175:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 900x500, components 3\012- data
Hash 0e821d3342654f0e42c1240d3d3b53df
5d3c8f1a579228ec188ced088405b1cfe0322c92
20f1ef6d458cb26d6ea07d30dd125c155d23043ad3c957ccdd3cf2a009910434
GET /wp-content/uploads/2021/09/Pros-and-Cons-Different-Roles-of-Crypto-Trading-Bots.jpg HTTP/1.1
Host: www.passionateinmarketing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.elbwaba.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:24:25 GMT
content-type: image/jpeg
content-length: 63022
last-modified: Mon, 13 Sep 2021 05:13:47 GMT
etag: "613ede0b-f62e"
expires: Sat, 04 Feb 2023 07:24:25 GMT
cache-control: max-age=604800
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUtzFsuHXPMcRWvo55YDR4BV2YBvNSkkOnjy2RK4F22eGqEn%2FqlcPz9wA9J2TZWCxuz0TP6WzHbp6IHKkcTO00l77718uBtSca1FxfVL%2FMB%2FfnHHB1OdoqV87n5UkOZzW%2FclSeYXhxz40GG2JYdaEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7907fd01ef89b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:24:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:24:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11229
Expires: Sat, 28 Jan 2023 10:31:34 GMT
Date: Sat, 28 Jan 2023 07:24:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11229
Expires: Sat, 28 Jan 2023 10:31:34 GMT
Date: Sat, 28 Jan 2023 07:24:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11229
Expires: Sat, 28 Jan 2023 10:31:34 GMT
Date: Sat, 28 Jan 2023 07:24:25 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:24:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1440562457773158
142.250.74.162200 OK 50 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1440562457773158
IP 142.250.74.162:0
File type ASCII text, with very long lines (3649)
Hash 03738ef9f9a9f9bdb42fdceec82ad585
54ee207fb22a55d8f6531daea2a4c9d633328a34
3027fe1480ecbc9c56fccc3db89662f79550b23ced7a11f001b0e0da3e35ee3b
GET /pagead/js/adsbygoogle.js?client=ca-pub-1440562457773158 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.elbwaba.com
Connection: keep-alive
Referer: https://en.elbwaba.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 28 Jan 2023 07:24:25 GMT
expires: Sat, 28 Jan 2023 07:24:25 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 8755610748508528731
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49882
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 131eb343c5abd61939457d69bd371348
ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:14:23 GMT
age: 33002
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 34059
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
en.elbwaba.com/27/are-crypto-trading-bots-legit
172.67.141.177200 OK 45 kB URL HTTP/2 en.elbwaba.com/27/are-crypto-trading-bots-legit
IP 172.67.141.177:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (4133)
Hash f49939c213c59f6dafcadfbab8565e54
9a03662c047f6f582a6ef5e3624c2d3e42307df5
3f28cbc4d748b305244b01c0b2bf5f5b11b605d72b8616fe18a6b57a039050cb
Analyzer Verdict Alert fortinet Malware
GET /27/are-crypto-trading-bots-legit HTTP/1.1
Host: en.elbwaba.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 07:24:25 GMT
content-type: text/html; charset=utf-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=4b91a0a895c2a464d787000152e5dcd4; path=/
qa_key=4dn6iks51orrsboccxj6drk0at9o3kk6; expires=Mon, 30-Jan-2023 07:24:25 GMT; Max-Age=172800; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tAUFR77vOQqkpOYjdIB0ff78Z9UGt3yD5t67H1bCSVdTdIrVdlzg3%2B%2Fcp2ij30IqiEkyMN18Sj0l2mdZ2zMyg7fAhQO%2BOW%2F%2By5cWs6NxyX0wMvqK2ONkqul9m8onm2Ofvg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7907fd00cfff1c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c982569d070f24dba1259603091c22e3
0f93acb5bee53670cc4ef486922f7333d96a2f4e
9a5a2d8a181a763ee6f60c27b396a0e3d7b1527e5177b2aff8d511db250753ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4975
x-amzn-requestid: 633350b7-4686-40d5-8c9d-3c097f8e2d34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EBGuaoAMFbSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b3-4201212c1a0eb2a65d3f494c;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: M4VR-I89SGD0-FLzHhZ88PJJJmdWTEi0UrBnAmCBCQAdjRsssqnSzw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:49:06 GMT
age: 34519
etag: "0f93acb5bee53670cc4ef486922f7333d96a2f4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 195316042e7f798eeeb7993fecb3a383
4aeca24ad4702f87feaf9674ea0c1ff6d71826a3
b7e0a61060455241fce844d2c91eca500d409804361063ddb61053cbc9c7b1c1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F33ce0741-fcf6-4205-8b3a-016953553eaf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13376
x-amzn-requestid: 64d0092e-1f1a-4183-a4a6-805e0bf37d32
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-DvHIyoAMF6fA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b1-6387770232ddca74531bce91;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8cRGlncOQ6qYv7qbI1HxTz-qUYJkTVa5V2qJM1C8XM5dmyXFA8qRvA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 34527
etag: "4aeca24ad4702f87feaf9674ea0c1ff6d71826a3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash e7ebbff54ced2c07469b302fc6d44078
f59983c844c398bd37705051ca685b2d07d85726
04eb3bd7658c1112bfc1d0098e8d7f5fafdb10459e3290c0d4e6a17e65a5494f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:24:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/html/r20230124/r20190131/zrt_lookup.html
216.58.211.2200 OK 4.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20230124/r20190131/zrt_lookup.html
IP 216.58.211.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2579)
Hash 2fb3574102373e2e076cfa2ff90cdf25
d06c985183def975546d6e47ab6369c11dcf7195
e61cbc207f7fc2f429deceff11e7a339a3d9a9574da6d035054eba02ee381345
GET /pagead/html/r20230124/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.elbwaba.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4242
x-xss-protection: 0
date: Sat, 28 Jan 2023 03:54:17 GMT
expires: Sat, 11 Feb 2023 03:54:17 GMT
cache-control: public, max-age=1209600
age: 12608
etag: 10353107486223812946
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 4abb97e5fd107cb87b896feb33a2159b
757fc267c534b8f5191f97d4c6dce60753e965f2
88d691d314752499a884e54232b88c0d19e4c8163236851b99a0b0d3ac0d7f8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:24:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 4abb97e5fd107cb87b896feb33a2159b
757fc267c534b8f5191f97d4c6dce60753e965f2
88d691d314752499a884e54232b88c0d19e4c8163236851b99a0b0d3ac0d7f8a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:24:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash c083fb68af37d6c700a3fa4eb04a29cb
9b3ff3c9c0bd7dc448eb18e74ddc029f7c18dc9a
3ea0d4252ad90ee13a6b23ebd1144639f7bb73e4d96ef2590b21a155809e65e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:24:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash ab04da9bc46246cc0001464e7f6b5e19
01ce4f7004aec7a24d4545a1e742ab6a1e639b48
22e519a39cb2e7e5f6da23d35f4498aa7a2d00e06613fd3bbf8de8a62ed2d354
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:24:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=en.elbwaba.com
142.250.74.162200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=en.elbwaba.com
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=en.elbwaba.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.elbwaba.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 28 Jan 2023 07:24:25 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=en.elbwaba.com
172.217.21.162200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=en.elbwaba.com
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=en.elbwaba.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.elbwaba.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 28 Jan 2023 07:24:25 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash c083fb68af37d6c700a3fa4eb04a29cb
9b3ff3c9c0bd7dc448eb18e74ddc029f7c18dc9a
3ea0d4252ad90ee13a6b23ebd1144639f7bb73e4d96ef2590b21a155809e65e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:24:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230124&st=env
142.250.74.162200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230124&st=env
IP 142.250.74.162:0
File type JSON data\012- , ASCII text, with very long lines (14618), with no line terminators
Hash 91e32fde9dd851046bde772adcaf2e4c
c5739d6733290a6619e10b5b029fece0fc04dfc2
ba7ef833333ca6cd7a017ce93b9c214aecd7341852eef05710b96105e379fc69
GET /getconfig/sodar?sv=200&tid=gda&tv=r20230124&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://en.elbwaba.com
Connection: keep-alive
Referer: https://en.elbwaba.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Sat, 28 Jan 2023 07:24:26 GMT
server: cafe
content-length: 11033
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 17504951994384b5dfa3387f5e8b684f
d76ab271cbc580a05222ec155fbc0e82545ae97c
f7e09c196a20bed2d1c1f6fada5eb982e04880a2f1c8c24d7fdce87e46152c3d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
216.58.207.193200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.elbwaba.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Sat, 28 Jan 2023 07:24:26 GMT
expires: Sat, 28 Jan 2023 07:24:26 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
216.58.207.193200 OK 5.0 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 216.58.207.193:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.elbwaba.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 20:43:30 GMT
expires: Fri, 26 Jan 2024 20:43:30 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 124856
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/bg/V3SsRWZOfA-pKEWNVYsb3GaVjAUiaK0X1iPK6a1PXlU.js
142.250.74.162200 OK 14 kB URL HTTP/2 pagead2.googlesyndication.com/bg/V3SsRWZOfA-pKEWNVYsb3GaVjAUiaK0X1iPK6a1PXlU.js
IP 142.250.74.162:0
File type ASCII text, with very long lines (35919)
Hash 9c4d98a05d87a2f96a5fdf4e1d245e31
b18eefe1c4140845b80225411f631f959831ce20
f36daa66f69510ecf68327c96697ff61c7fdfd052501b5d04483e02d5bd7251a
GET /bg/V3SsRWZOfA-pKEWNVYsb3GaVjAUiaK0X1iPK6a1PXlU.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14206
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 05:06:00 GMT
expires: Fri, 26 Jan 2024 05:06:00 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 19 Jan 2023 11:48:00 GMT
content-type: text/javascript
age: 181106
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 622311873d3819b9911301b09bc2d43c
9f08d648e40479aa12da033da15b80a15017c739
6138674cec17da8b7bb02bf0686bf3e7aefa2bce6a5f844ebd80e10b665818b8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 07:24:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
216.58.207.228200 OK 513 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 216.58.207.228:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash efd09d8a7ac52078b50b2bcae9ce62c9
c22141b711eec8f6df29855cd24268ed0569b637
8add134dc4962e62b2400c6178c49a1d7bb721be1a08ed6f972c27686e6805e3
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.elbwaba.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 28 Jan 2023 07:24:26 GMT
date: Sat, 28 Jan 2023 07:24:26 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-3V8SSQ6LVTvdxEpuMV_Q6Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230124&jk=2097306310071933&rc=
142.250.74.162204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230124&jk=2097306310071933&rc=
IP 142.250.74.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&li=gda_r20230124&jk=2097306310071933&rc= HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Jan 2023 07:24:26 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230124&jk=2097306310071933&bg=!dnWldTHNAAZSrDxfcqw7ACkAdvg8WriLx15MIB-Cn41LEvAWm9ftCDDIzwye373ZKh0gxU2LawSMYQIAAACAUgAAAAJoAQcKAH_3vPqFSa89Bjg1ZK0wN63ZLJ4ab1QAtNvtPQCUD1kQBMMLIQH6y_C4mw6_2XUS2ARy1slZTfT3o_LpJFdKiVwjoRtsfFltDzOSn-mSryiaiBY0mXZ4oxEmeGWXmIk3Ax-YnBS69Flco3Q-633LdbXRpkD5-zuEthX81eSphu3VmQKZls2sPARBGLwCsqkG4sHI7c5h9TjxIK7nNlubkVHWa0-lV5cbDJvIxluv45hTuAJ5Bmkhghsi8aa8jrrG8QJ8lFkhkmp4Kw9C0jufwj1WN3sVu5F52Pn96_8MzRxD30oGmSI9EKknc9lLAGHspdycXpjztRp-mjNrMWIGWRW1VrF9N4fQbTf3SJyEHPDsishzLixMhYh1M4fsChi4iUkjjEgP_2Odz-yRLuIE8vExs6iZAGMRdpCpgUXZymg01MRhBgczpn3LyoWjHhJEm02JtwxBEFJikyxTaDXzv1oC9zPBUZa95fvmNR0CDgl0R8BeESbS_pmPcug4w5nQvSMxgr2ydi_o3zUpef7MoziklbsA-f8PFqcKuNutpl_LGjiKFdmY_rPpKW9W9g6cdO30nOkWj-SohkUp5cHPwpZ4or5nKnQnbcMbwQMf-ybEcoME3FSyo40xc16ZA5pbxgpNNUc0Fsrquy2pndhj2EGcAk8lWIWFnmeGVrg7FjOm-98qXfywQm5WtZWJUD2Yf1_yrNfjRemc4_wJGVY_s2PLkY87Js3oDdnfVDpndhI5v_1_mPKcGGguGmbAtLv7kCiFoveIB1qMOqI--dEnU4HYIpfAMQToQcnv-vgl1eJBv6FrZZMOOrPsYJ9D5XC79Lr45vXpBh5PQMvutbYuuZTpYbTtLaLNHTy0Mijg_Mo_WpcjDjOSQ4eciufX-pZ84e8DfElTfGcNIdyOh-QYoqsI6gHL7NpXRWU7YNONnY0_-pr08dJSGiD36yaPq15S_TmjflKla4AhIYi_goONKO6YPg278ZA-vb7rl5uodOa_38NiZRuf1K-IacUq6hkaigPJKihlQZEiEoXEoASbGug-ytePmdzaoBsTCq8
142.250.74.162204 No Content 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230124&jk=2097306310071933&bg=!dnWldTHNAAZSrDxfcqw7ACkAdvg8WriLx15MIB-Cn41LEvAWm9ftCDDIzwye373ZKh0gxU2LawSMYQIAAACAUgAAAAJoAQcKAH_3vPqFSa89Bjg1ZK0wN63ZLJ4ab1QAtNvtPQCUD1kQBMMLIQH6y_C4mw6_2XUS2ARy1slZTfT3o_LpJFdKiVwjoRtsfFltDzOSn-mSryiaiBY0mXZ4oxEmeGWXmIk3Ax-YnBS69Flco3Q-633LdbXRpkD5-zuEthX81eSphu3VmQKZls2sPARBGLwCsqkG4sHI7c5h9TjxIK7nNlubkVHWa0-lV5cbDJvIxluv45hTuAJ5Bmkhghsi8aa8jrrG8QJ8lFkhkmp4Kw9C0jufwj1WN3sVu5F52Pn96_8MzRxD30oGmSI9EKknc9lLAGHspdycXpjztRp-mjNrMWIGWRW1VrF9N4fQbTf3SJyEHPDsishzLixMhYh1M4fsChi4iUkjjEgP_2Odz-yRLuIE8vExs6iZAGMRdpCpgUXZymg01MRhBgczpn3LyoWjHhJEm02JtwxBEFJikyxTaDXzv1oC9zPBUZa95fvmNR0CDgl0R8BeESbS_pmPcug4w5nQvSMxgr2ydi_o3zUpef7MoziklbsA-f8PFqcKuNutpl_LGjiKFdmY_rPpKW9W9g6cdO30nOkWj-SohkUp5cHPwpZ4or5nKnQnbcMbwQMf-ybEcoME3FSyo40xc16ZA5pbxgpNNUc0Fsrquy2pndhj2EGcAk8lWIWFnmeGVrg7FjOm-98qXfywQm5WtZWJUD2Yf1_yrNfjRemc4_wJGVY_s2PLkY87Js3oDdnfVDpndhI5v_1_mPKcGGguGmbAtLv7kCiFoveIB1qMOqI--dEnU4HYIpfAMQToQcnv-vgl1eJBv6FrZZMOOrPsYJ9D5XC79Lr45vXpBh5PQMvutbYuuZTpYbTtLaLNHTy0Mijg_Mo_WpcjDjOSQ4eciufX-pZ84e8DfElTfGcNIdyOh-QYoqsI6gHL7NpXRWU7YNONnY0_-pr08dJSGiD36yaPq15S_TmjflKla4AhIYi_goONKO6YPg278ZA-vb7rl5uodOa_38NiZRuf1K-IacUq6hkaigPJKihlQZEiEoXEoASbGug-ytePmdzaoBsTCq8
IP 142.250.74.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230124&jk=2097306310071933&bg=!dnWldTHNAAZSrDxfcqw7ACkAdvg8WriLx15MIB-Cn41LEvAWm9ftCDDIzwye373ZKh0gxU2LawSMYQIAAACAUgAAAAJoAQcKAH_3vPqFSa89Bjg1ZK0wN63ZLJ4ab1QAtNvtPQCUD1kQBMMLIQH6y_C4mw6_2XUS2ARy1slZTfT3o_LpJFdKiVwjoRtsfFltDzOSn-mSryiaiBY0mXZ4oxEmeGWXmIk3Ax-YnBS69Flco3Q-633LdbXRpkD5-zuEthX81eSphu3VmQKZls2sPARBGLwCsqkG4sHI7c5h9TjxIK7nNlubkVHWa0-lV5cbDJvIxluv45hTuAJ5Bmkhghsi8aa8jrrG8QJ8lFkhkmp4Kw9C0jufwj1WN3sVu5F52Pn96_8MzRxD30oGmSI9EKknc9lLAGHspdycXpjztRp-mjNrMWIGWRW1VrF9N4fQbTf3SJyEHPDsishzLixMhYh1M4fsChi4iUkjjEgP_2Odz-yRLuIE8vExs6iZAGMRdpCpgUXZymg01MRhBgczpn3LyoWjHhJEm02JtwxBEFJikyxTaDXzv1oC9zPBUZa95fvmNR0CDgl0R8BeESbS_pmPcug4w5nQvSMxgr2ydi_o3zUpef7MoziklbsA-f8PFqcKuNutpl_LGjiKFdmY_rPpKW9W9g6cdO30nOkWj-SohkUp5cHPwpZ4or5nKnQnbcMbwQMf-ybEcoME3FSyo40xc16ZA5pbxgpNNUc0Fsrquy2pndhj2EGcAk8lWIWFnmeGVrg7FjOm-98qXfywQm5WtZWJUD2Yf1_yrNfjRemc4_wJGVY_s2PLkY87Js3oDdnfVDpndhI5v_1_mPKcGGguGmbAtLv7kCiFoveIB1qMOqI--dEnU4HYIpfAMQToQcnv-vgl1eJBv6FrZZMOOrPsYJ9D5XC79Lr45vXpBh5PQMvutbYuuZTpYbTtLaLNHTy0Mijg_Mo_WpcjDjOSQ4eciufX-pZ84e8DfElTfGcNIdyOh-QYoqsI6gHL7NpXRWU7YNONnY0_-pr08dJSGiD36yaPq15S_TmjflKla4AhIYi_goONKO6YPg278ZA-vb7rl5uodOa_38NiZRuf1K-IacUq6hkaigPJKihlQZEiEoXEoASbGug-ytePmdzaoBsTCq8 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://en.elbwaba.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 28 Jan 2023 07:24:26 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.mds.com.cy/
64.207.145.68200 OK 0 B IP 64.207.145.68:0
ASN #398110 GO-DADDY-COM-LLC
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: cdn.mds.com.cy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 07:24:24 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33, PleskLin
content-encoding: br
X-Firefox-Spdy: h2