1wmdru.top/
190.115.24.78 301 Moved Permanently 175 B IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 27d3037d4815f88b7bb724cb258524e1
092678ca1f61e13d97f37f7be9438e7b32b722e9
0c0a343c76a265d5b6b5b3708383afaf77f187eaa7f3fa8f1fec18cdf4ebe198
Analyzer Verdict Alert fortinet Phishing
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.top domain
GET / HTTP/1.1
Host: 1wmdru.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: openresty/1.19.9.1
Date: Sat, 01 Apr 2023 22:18:17 GMT
Content-Type: text/html
Content-Length: 175
Connection: keep-alive
Location: https://1wmdru.top
X-Frame-Options: DENY
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 035772439731bbe3992c865f68e4b977
53fe2d0f678772b6b3e935aaca4d1ef82767e48f
9880ae6537e30af38e8d7ed612a5a44a54037d86686c63ef7eeebcc62cbda05f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9880AE6537E30AF38E8D7ED612A5A44A54037D86686C63EF7EEEBCC62CBDA05F"
Last-Modified: Sat, 01 Apr 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6984
Expires: Sun, 02 Apr 2023 00:14:41 GMT
Date: Sat, 01 Apr 2023 22:18:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b3c6ad41618caef9613685a8f786def7
ce6e1256460e0d28da63f797e14a77c1477d0779
ce87c093a66e4a2adfba7794f5db0428a0986b7e74690b773cbd7708ccca3f0e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE87C093A66E4A2ADFBA7794F5DB0428A0986B7E74690B773CBD7708CCCA3F0E"
Last-Modified: Sat, 01 Apr 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3385
Expires: Sat, 01 Apr 2023 23:14:42 GMT
Date: Sat, 01 Apr 2023 22:18:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a57eb49c1ac36edd2db6573eb357bd87
592724177530a39ce4af02874beb776b91fefbbe
0dd258adc062ad2b6f5ce8fec0457e55e594c942817f37509ca2d1f2e8152edf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0DD258ADC062AD2B6F5CE8FEC0457E55E594C942817F37509CA2D1F2E8152EDF"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4077
Expires: Sat, 01 Apr 2023 23:26:14 GMT
Date: Sat, 01 Apr 2023 22:18:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4ad6984a756720fbfff47b37a75513a2
355e35258114452af8b9638985ed9d8ef3bf0aca
43181fccb10652c68cae86e5e32b4e8f426fb5ad49d8125cb99e072cff573cf5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 01 Apr 2023 21:28:31 GMT
content-type: application/json
age: 2986
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 95f61d351f5fc9533cc78e255ce9bc06
fba284117f347782ac23c51d141d7e3ec15a867e
7fcc5f9e52e389d8d7c6df7f1f2a1291ae0aaae8e554f3022239ab092b2ef3c3
GET /chains/remote-settings.content-signature.mozilla.org-2023-05-20-17-04-38.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: l4SiL41GdA4SRmME6btxqvIgtZmg8C3I4OV303Ft7Wy5GY1b0fS5NmIoxPemBepwjbgFs1AHvzQ=
x-amz-request-id: 3XQ5JVB46XWNQYH6
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 01 Apr 2023 21:52:06 GMT
age: 1571
last-modified: Fri, 31 Mar 2023 17:04:39 GMT
etag: "95f61d351f5fc9533cc78e255ce9bc06"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 22:18:17 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7df6a2e6c691e1a2ad631179b413079a
d6043f89f7c596ae993fc62981b0e70d178879c2
57faba87c1ae916eb74f612e057b84185b3ddf58a9db98d7ccdf46f37d4f7c45
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "57FABA87C1AE916EB74F612E057B84185B3DDF58A9DB98D7CCDF46F37D4F7C45"
Last-Modified: Sat, 01 Apr 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21588
Expires: Sun, 02 Apr 2023 04:18:05 GMT
Date: Sat, 01 Apr 2023 22:18:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9e9f6891559058a4f43596719386a231
8b9bdfb379748c09759d43d9771a71269c0391d3
d1a9523b4094f8ce15ca02124033623203e20b8e375172c1f84491d6b4c0ea6c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1A9523B4094F8CE15CA02124033623203E20B8E375172C1F84491D6B4C0EA6C"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10143
Expires: Sun, 02 Apr 2023 01:07:20 GMT
Date: Sat, 01 Apr 2023 22:18:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Expires, Retry-After, Cache-Control, Alert, Backoff, Pragma, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 01 Apr 2023 22:14:41 GMT
age: 216
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.117.65.55 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.117.65.55:0
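Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the MD5, SHA-1 and SHA-256 digests of zero bytes (the 101 response has a 0 B body), so they identify no content and should not be treated as indicators.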
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tAo3vxltncZN/W+51ElDzw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tj9HNM+8QjAOYib6ZYihgelJygw=
Date: Sat, 01 Apr 2023 22:18:17 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2
104.26.5.11 200 OK 33 kB URL HTTP/2 1win-cdn.com/font/SFNSDisplay-latin.50a4eaff3.woff2
IP 104.26.5.11:0
File type Web Open Font Format (Version 2), TrueType, length 33064, version 1.0\012- data
Hash de175cbf569bb3ccf1f761c845cbd896
8d93663b858bae157ba5fc40e1400177104d71bd
df3772666587111462634070c47969ad9687bbf80d0694bb2e6c33be39434d68
GET /font/SFNSDisplay-latin.50a4eaff3.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wmdru.top
Connection: keep-alive
Referer: https://1wmdru.top/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: application/octet-stream
content-length: 33064
last-modified: Thu, 30 Mar 2023 11:02:41 GMT
etag: "64256c51-8128"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qaP%2BI%2B4VPBgBNj0%2BlildL2Iql3skfOOfIJW2%2BcQOc%2B4lThLHiqGSU6lMVbSLBtJLx4DIzZmO0rO%2FYMuGC%2FRISPkhwJiT1xSEPeAI5vmD%2FfC7vbG1qbfzoTBk9XGi6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435067b420b55-OSL
X-Firefox-Spdy: h2
1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2
104.26.5.11 200 OK 44 kB URL HTTP/2 1win-cdn.com/font/SFNSText-latin.f09aa5229.woff2
IP 104.26.5.11:0
File type Web Open Font Format (Version 2), TrueType, length 43512, version 1.0\012- data
Hash 426f20bb65ea80d35f3f2a999d5d7d1e
85f211a450f26d7f0822d718fc61085a506fa455
06e02d3d2d01bb2c88786b0a2dd2d692f6659c0159ec4754f7db49c12e03b0d6
GET /font/SFNSText-latin.f09aa5229.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wmdru.top
Connection: keep-alive
Referer: https://1wmdru.top/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: application/octet-stream
content-length: 43512
last-modified: Thu, 30 Mar 2023 11:02:41 GMT
etag: "64256c51-a9f8"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NkkNUKQ4f%2BnQXd4k%2BS9BhirXJ7AAQKKYbPvw9UkFyO0ECp%2BECPXuV6XBvUzGAc0nBrI0m6NSixsnntiuqykQrx%2FF%2BFUDy80t6nHZROxMTNZc50oQ1KA%2BWe3wSgiuaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435068b5a0b55-OSL
X-Firefox-Spdy: h2
1win-cdn.com/js/chunk-common.f1b48f749.js
104.26.5.11 200 OK 5.8 kB URL HTTP/2 1win-cdn.com/js/chunk-common.f1b48f749.js
IP 104.26.5.11:0
File type ASCII text, with very long lines (17851)
Hash 49cacd298951c29a7f0988c38c029219
318b62bb21bec58adf4f9173c5c40eb461a5a6e5
51006e73117052ff1d6026053881f3c5e68849d4d151c2a4c1a66c7d93bf0a9d
GET /js/chunk-common.f1b48f749.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wmdru.top
Connection: keep-alive
Referer: https://1wmdru.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 30 Mar 2023 11:07:01 GMT
etag: W/"64256d55-45ee"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8vUZRNOLnnfo6XxyL3gG0crztIz%2FFIIiqCHDAOOpArL6uJbN13rENGue1sCJtvZsTrWvds9dGGoKhOMlHkivEmjQlGbZR8h99AIYiuoP%2BY9Vsh6xipVtEDN0GjuItQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435068b5d0b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/css/77202.cc5a0f04e.css
104.26.5.11 200 OK 33 kB URL HTTP/2 1win-cdn.com/css/77202.cc5a0f04e.css
IP 104.26.5.11:0
File type ASCII text, with very long lines (21032), with no line terminators
Hash dded10954bc508811247aee10a908a0b
9bded8901720ef11ffbd4989cc85884f7754ae2f
91e61af44365c5cf5460ee5f57c4ce5d71bb26d531b3fb545abe1928991d7b00
GET /css/77202.cc5a0f04e.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=21035
access-control-allow-origin: *
etag: W/"6422fbed-522b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 28 Mar 2023 14:38:37 GMT
cf-cache-status: HIT
age: 372540
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TsT9c%2BW0nmzchJRYTSwN%2F3SwuzCQTGFwEgnmugFyrtDGfKulurJHPqgIcFaU3515ld%2BU6YI9wXCqR3jyVibpnEvETQlGugnUyA4E5nC%2BdRApoDZVHscxCsFk6BSwkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435098eecb524-OSL
content-encoding: br
X-Firefox-Spdy: h2
1wmdru.top/img/icons/favicon-16x16-darkmode.png
190.115.24.78 200 OK 410 B URL HTTP/2 1wmdru.top/img/icons/favicon-16x16-darkmode.png
IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash c7a60b79929bf150e44e5ac28fcd0d4e
f1ecf72f71d7b4153b151e7a27d40bf0c926b09e
f2b53ffbd8af9378b2e1d160500d2a2f3fae9b963cf4d6a3e88108a765a548cf
GET /img/icons/favicon-16x16-darkmode.png HTTP/1.1
Host: 1wmdru.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Cookie: visit_domain=1wmdru.top; core-sticky=http://10.233.80.135:80
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: image/png
content-length: 410
last-modified: Thu, 30 Mar 2023 11:07:01 GMT
etag: "64256d55-19a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-frame-options: DENY
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 952513ca42adae3d5d739d3fdb9bf121
ae098b91f1a9bb5f99398e76ac5512550b822093
93b1f9965338820e21ec3694037f6f599863f3d8a0faa7f1492ac64077161ddb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
142.250.74.168 200 OK 60 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-KGKQDC7
IP 142.250.74.168:0
File type ASCII text, with very long lines (16747)
Hash 9d089b4dd0b3e4197a82f58da864e2c5
1cf911d5d5e4d65de9df4337da3f0454ab94b2ea
2e0e031f540f1fad4b024e8d8c70dd93d5e3cad7e22139f4c9bd8ea527cc7859
GET /gtm.js?id=GTM-KGKQDC7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Apr 2023 22:18:18 GMT
expires: Sat, 01 Apr 2023 22:18:18 GMT
cache-control: private, max-age=900
last-modified: Sat, 01 Apr 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 60115
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1wmdru.top/pwaNotFound.html
190.115.24.78 200 OK 2.8 kB URL HTTP/2 1wmdru.top/pwaNotFound.html
IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
Hash 2e95080c0e1abe922f9589b6d5c3edb6
2a08d2d0565021f7e743bca7104115d8010a5a17
990bbd14962a6b670c6fcc1dbb317f23d807a5281953147e2f90b766be62d1a7
Analyzer Verdict Alert fortinet Phishing
GET /pwaNotFound.html HTTP/1.1
Host: 1wmdru.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wmdru.top/sw.7b67e677.js
Connection: keep-alive
Cookie: visit_domain=1wmdru.top; core-sticky=http://10.233.80.135:80; amp_494ccc=zZQ43L-3dohFyQM8A6L_m-...1gsvecm73.1gsvecm73.0.0.0; 1w_lang=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: text/html
last-modified: Thu, 30 Mar 2023 11:07:01 GMT
etag: W/"64256d55-1370"
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
1wmdru.top/get-authorization?random=1680387496256-0.7535596242863966
190.115.24.78 200 OK 19 B URL HTTP/2 1wmdru.top/get-authorization?random=1680387496256-0.7535596242863966
IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
File type JSON data\012- , ASCII text, with no line terminators
Hash 97816351479ac35375c10e73546c9459
b388abc5b856b3cb65032cf68d12cdee27073fc7
759315d5ae8c31136d2a7bc803e591554894987559325cdf7e0b5965bec0eaca
Analyzer Verdict Alert fortinet Phishing
GET /get-authorization?random=1680387496256-0.7535596242863966 HTTP/1.1
Host: 1wmdru.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Cookie: visit_domain=1wmdru.top; core-sticky=http://10.233.80.135:80; amp_494ccc=zZQ43L-3dohFyQM8A6L_m-...1gsvecm73.1gsvecm73.0.0.0; 1w_lang=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: application/json; charset=utf-8
content-length: 19
access-control-allow-origin: https://1wmdru.top
access-control-allow-credentials: true
x-frame-options: DENY
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 76a65b0f376bb82846831db20aa3bb78
0bc33c8341e81c9f8e9f274374edb0784d3e4247
e136ce51d1029379f5d8a72571d6e0f8d4aa96f269fe7ca3815ff1af3e1bce0c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 76a65b0f376bb82846831db20aa3bb78
0bc33c8341e81c9f8e9f274374edb0784d3e4247
e136ce51d1029379f5d8a72571d6e0f8d4aa96f269fe7ca3815ff1af3e1bce0c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1wmdru.top/1.txt?1680387496550
190.115.24.78 200 OK 8 B URL HTTP/2 1wmdru.top/1.txt?1680387496550
IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
Hash 48cfef8b3001a8c220dc815870f9916e
b77e871e72a3083c4bb31d6bcb5a257557181269
3d2c759213949af96fbdcd756a5146f64a9acadf9625bd7a9feb04bb4517b4f9
Analyzer Verdict Alert fortinet Phishing
GET /1.txt?1680387496550 HTTP/1.1
Host: 1wmdru.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wmdru.top/sw.7b67e677.js
Connection: keep-alive
Cookie: visit_domain=1wmdru.top; core-sticky=http://10.233.80.135:80; amp_494ccc=zZQ43L-3dohFyQM8A6L_m-...1gsvecm73.1gsvecmh5.0.4.4; 1w_lang=en; _gcl_au=1.1.130747707.1680387496
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: text/plain
content-length: 8
last-modified: Thu, 30 Mar 2023 11:07:01 GMT
etag: "64256d55-8"
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
12688802.fls.doubleclick.net/activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=4046254839481;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2F?
142.250.74.70 200 OK 235 B URL HTTP/2 12688802.fls.doubleclick.net/activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=4046254839481;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2F?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (449), with no line terminators
Hash 903b9bc6cc185373537edd7807ae019a
0657394b8d019bd19055a6502ebcd470eaa72781
8fc563d29b127d3d7aae498a4a48887f00ab26ae68154f8cd38688066e74df7a
GET /activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=4046254839481;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2F? HTTP/1.1
Host: 12688802.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 22:18:19 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 235
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 01-Apr-2023 22:33:19 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1win-cdn.com/js/chunk-vendors.288bdb6f3.js
104.26.5.11 200 OK 136 kB URL HTTP/2 1win-cdn.com/js/chunk-vendors.288bdb6f3.js
IP 104.26.5.11:0
File type Unicode text, UTF-8 text, with very long lines (65469), with no line terminators
Size 136 kB (135471 bytes)
Hash 0c652a7e56653af8dde67dbbaf779493
288a21860ff5c0cf08f30378cbec4fb48306bcb0
21b73fd8ae129e486c4a1d1b749827a96a217eb96f784bc3c5c66e35845dca4a
GET /js/chunk-vendors.288bdb6f3.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wmdru.top
Connection: keep-alive
Referer: https://1wmdru.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:18 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 30 Mar 2023 11:07:01 GMT
etag: W/"64256d55-68600"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xeo8q8y1JHSeX%2BkjixKlPAjKzICX4IzqGvIDhwPWt22ARUpv0TBIyy%2B%2FATEv9tDULlRs1pLZCi0rzGtkjyP%2BDecJ43GDzoidZsy1ZiMf2VXSWY9tmZLiJZQBJwvxtg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435068b470b55-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/css/35616.7f5925bbb.css
104.26.5.11 200 OK 14 kB URL HTTP/2 1win-cdn.com/css/35616.7f5925bbb.css
IP 104.26.5.11:0
File type ASCII text, with very long lines (20838), with no line terminators
Hash 23ebcd67364bf19648ee8d9b581ea910
39be803424c6af8ca6a159893039948d75db1639
2496424a88fcfbffea660345e90a203f33df0b61086e808b4030254c1f00d62e
GET /css/35616.7f5925bbb.css HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
access-control-allow-origin: *
etag: W/"6409c316-5166"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
cf-cache-status: HIT
age: 2001332
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UH7uSSqTPAYEsPlXKM%2FLArEnTD1UR4qEZXl97pk2JtRA3h8yV6dvH2WH2BBvTXJhCBOqck9Ly7ghsAJl2GFO6KN1WkZLp52JXwNT5WdnpUa6XWZiSwvOTpVmvgWK0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b14350cfc0db524-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0d6c3457945786697bc100ac80245a4
4774e6cc431b4e14256f47c432b04ce3c1c18874
8b162cd1e04e8d35493772671b01685ae39ac20e4540139a387d44a9dc98ad1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B162CD1E04E8D35493772671B01685AE39AC20E4540139A387D44A9DC98AD1C"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5350
Expires: Sat, 01 Apr 2023 23:47:29 GMT
Date: Sat, 01 Apr 2023 22:18:19 GMT
Connection: keep-alive
12572451.fls.doubleclick.net/activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=7040658980612.209?
142.250.74.70 200 OK 274 B URL HTTP/2 12572451.fls.doubleclick.net/activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=7040658980612.209?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (520), with no line terminators
Hash f4261f6db41d853ce12fda65d8251fe7
fde8f4bcd3e3789f90f0ff25f1200f1ee5ac8658
0b195200525060222bfd66b15c85d510d9631c9bb19ac16a19cf12d785697f30
GET /activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=7040658980612.209? HTTP/1.1
Host: 12572451.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 22:18:19 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 274
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 01-Apr-2023 22:33:19 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 76a65b0f376bb82846831db20aa3bb78
0bc33c8341e81c9f8e9f274374edb0784d3e4247
e136ce51d1029379f5d8a72571d6e0f8d4aa96f269fe7ca3815ff1af3e1bce0c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 76a65b0f376bb82846831db20aa3bb78
0bc33c8341e81c9f8e9f274374edb0784d3e4247
e136ce51d1029379f5d8a72571d6e0f8d4aa96f269fe7ca3815ff1af3e1bce0c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
12688802.fls.doubleclick.net/activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=2582624627619;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2Fbets%2Fhome?
142.250.74.70 200 OK 245 B URL HTTP/2 12688802.fls.doubleclick.net/activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=2582624627619;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2Fbets%2Fhome?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (460), with no line terminators
Hash bcb45c1d7a38fa7a7c08e8e9d1a643fb
b1a22796e600b31e668aac4b16e8d91b6b2d2f8c
1e945ae3cdae457a6ef1ce01b458ddd5d0d56c2cbabdaad3fab0a876a5237fc1
GET /activityi;src=12688802;type=actio0;cat=allpa0;ord=1;num=2582624627619;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2Fbets%2Fhome? HTTP/1.1
Host: 12688802.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 22:18:19 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 245
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 01-Apr-2023 22:33:19 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
12572451.fls.doubleclick.net/activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5313735779699.452?
142.250.74.70 200 OK 274 B URL HTTP/2 12572451.fls.doubleclick.net/activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5313735779699.452?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (520), with no line terminators
Hash 7a75871ae8e2da96d44a0526a8e7a2f1
de1034c4d71c087cde7a184227b6b1352772423b
d868c73a4df36fd600e5b02ad9d7c67f981929a1e0bd0eae0c0ecc8c70b34ef2
GET /activityi;src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5313735779699.452? HTTP/1.1
Host: 12572451.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://1wmdru.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 22:18:19 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 274
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 01-Apr-2023 22:33:19 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
151.101.194.133 200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 151.101.194.133:0
Hash af2920c936a727d0e7919824430ed1c7
85222058bc2785ce03edb4dee884c359b38596ac
a9d49c7f0e3f339859fc9f744695172f753a0f1fbc9a95be93a202f2dc64e45a
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 939
Server: nginx
Content-Type: application/ocsp-response
Expires: Wed, 05 Apr 2023 19:34:25 GMT
ETag: "85222058bc2785ce03edb4dee884c359b38596ac"
Last-Modified: Sat, 01 Apr 2023 19:34:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Sat, 01 Apr 2023 22:18:19 GMT
Age: 2050
X-Served-By: cache-qpg1234-QPG, cache-bma1631-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 4, 10
X-Timer: S1680387499.177525,VS0,VE0
api.lab.amplitude.com/sdk/vardata
151.101.130.132 200 OK 2 B URL HTTP/2 api.lab.amplitude.com/sdk/vardata
IP 151.101.130.132:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
OPTIONS /sdk/vardata HTTP/1.1
Host: api.lab.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,x-amp-exp-user
Referer: https://1wmdru.top/
Origin: https://1wmdru.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://1wmdru.top
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: GET,POST,HEAD
access-control-allow-headers: authorization,x-amp-exp-user
x-amzn-trace-id: Root=1-6428adaa-27aaae6f6a103aa8213e1727
x-content-type-options: nosniff
accept-ranges: bytes
date: Sat, 01 Apr 2023 22:18:18 GMT
x-served-by: cache-bma1677-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1680387499.823267,VS0,VE175
vary: Origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
1win-cdn.com/js/1883.ce7803cd3.js
104.26.5.11 200 OK 82 kB URL HTTP/2 1win-cdn.com/js/1883.ce7803cd3.js
IP 104.26.5.11:0
File type ASCII text, with very long lines (13698), with no line terminators
Hash 12cddf5f37b451f2c7a66895a4fede87
815cdcc763fd90ddd2f5f55dbd19d37f796a7f82
0d1a176e99384eb28c3cc46d80938d79cde1392ad61c6f7120e7502d185e7bcb
GET /js/1883.ce7803cd3.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=13741
access-control-allow-origin: *
etag: W/"6409c402-35ad"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Thu, 09 Mar 2023 11:33:22 GMT
cf-cache-status: HIT
age: 2001333
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2F1V67E5qpr3MsD2WW4cgP%2BF28TbRONs3PO5kvGIV1I8e8KB9hZbj6wnpwAkc3F423W2%2BuzEoSZDRXwJNVe6pnKqKnvyZp%2FsqFQ8W4P6XtRxWXD52I2seedOsII2bA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b14350cfc16b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win.direct/socket.io/?Language=en&EIO=3&transport=websocket
134.122.54.186 101 Switching Protocols 0 B URL HTTP/1.1 1win.direct/socket.io/?Language=en&EIO=3&transport=websocket
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?Language=en&EIO=3&transport=websocket HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wmdru.top
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: GLdg0Cvpru8BjaCLdH0Skw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Sec-Websocket-Accept: gwq3OyGzZL5IhfClTAf2lB/nkdE=
Sec-Websocket-Extensions: permessage-deflate
Set-Cookie: core-sticky=890391af8fc888d1; Path=/; HttpOnly
Upgrade: websocket
ocsp.comodoca.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 55bed5145978028bf2e0fe7d9dcccab9
869f56c4c0821544c643767d3315b09da87e73c7
0e449ab16eb27fbcd78f9082e53b3f097f3fed3ac327f3ee2bf5199cea0731ac
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:18:19 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 01 Apr 2023 04:47:34 GMT
Expires: Sat, 08 Apr 2023 04:47:33 GMT
Etag: "869f56c4c0821544c643767d3315b09da87e73c7"
Cache-Control: max-age=603659,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1216
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b14350f5f7eb4f7-OSL
ocsp.comodoca.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 55bed5145978028bf2e0fe7d9dcccab9
869f56c4c0821544c643767d3315b09da87e73c7
0e449ab16eb27fbcd78f9082e53b3f097f3fed3ac327f3ee2bf5199cea0731ac
POST / HTTP/1.1
Host: ocsp.comodoca.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 22:18:19 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 01 Apr 2023 04:47:34 GMT
Expires: Sat, 08 Apr 2023 04:47:33 GMT
Etag: "869f56c4c0821544c643767d3315b09da87e73c7"
Cache-Control: max-age=603659,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1216
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b14350f59d00b39-OSL
1win-cdn.com/js/95765.3116a22f7.js
104.26.5.11 200 OK 5.5 kB URL HTTP/2 1win-cdn.com/js/95765.3116a22f7.js
IP 104.26.5.11:0
File type Unicode text, UTF-8 text, with very long lines (16834), with no line terminators
Hash b9a035dbdc5844db876d55cc16e3e547
ee7e453f9a9fcb1b25c8137e6132321576b9d534
d6d007729bd5a5f742236f93eca2c82774095ff8a6166c711480958a81b9517c
GET /js/95765.3116a22f7.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=16880
access-control-allow-origin: *
etag: W/"6422ece9-41f0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 28 Mar 2023 13:34:33 GMT
cf-cache-status: HIT
age: 376710
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I1azS68Hf%2FoHpdp7CF7loNV0ZZCXpg%2BN4rrGlfYV5eWmTdJGgWxL8hR%2Fibd5Ejir5yZ9zIUxW5hzK%2Blvig%2BNZZPtt1QFbObcYbYTYqcZsd7HSJnSx6jmxpcywx8NcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b14350d1c46b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7319
Expires: Sun, 02 Apr 2023 00:20:18 GMT
Date: Sat, 01 Apr 2023 22:18:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7319
Expires: Sun, 02 Apr 2023 00:20:18 GMT
Date: Sat, 01 Apr 2023 22:18:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7319
Expires: Sun, 02 Apr 2023 00:20:18 GMT
Date: Sat, 01 Apr 2023 22:18:19 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7319
Expires: Sun, 02 Apr 2023 00:20:18 GMT
Date: Sat, 01 Apr 2023 22:18:19 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa56dcfe2-79ba-46e2-a5e5-2ea22b3f0188.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa56dcfe2-79ba-46e2-a5e5-2ea22b3f0188.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 97c512a7abba6c872434ee06af4aac22
903dcbffcafa6d486322c31142e3813cc3ab9172
751a868af79fa595a659694a2d2c16e084fc38e639a7d1506c4fb56288cd21a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa56dcfe2-79ba-46e2-a5e5-2ea22b3f0188.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8228
x-amzn-requestid: fbddd88d-c5ab-4809-8870-df8227d51ffb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CnUloHJCIAMF4KA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64260156-4f7ba06b6292df92266c6bc2;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 21:38:30 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: iWJhkG-cuxGvRp6jAtK6L_1JYg1zJ10oOFmqNb_zrf_wXVWGlKQDOw==
via: 1.1 e39f48cc8f516dc1072afdb086c71f32.cloudfront.net (CloudFront), 1.1 d90109c5a0c30f43223e0db85921c5c2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 21:51:24 GMT
age: 1615
etag: "903dcbffcafa6d486322c31142e3813cc3ab9172"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fb8174c-0fbe-4857-bc0b-3e50751be490.jpeg
34.120.237.76 200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fb8174c-0fbe-4857-bc0b-3e50751be490.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ddcef2c96778d9fdee670e187a43ab32
e8c98891a1ffdbb6d30cf8746e067d56fe65d964
4e6fb506079b1daab0b1913a31c6252452f133af9276e18d25fe6fb622ce54ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fb8174c-0fbe-4857-bc0b-3e50751be490.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3800
x-amzn-requestid: a182fb32-649a-4228-a591-080aae8c053a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm9VEY2oAMFf5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751ee-3a1abb584aa61a954dbd52c1;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:38 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 8_m0xs9JUsoheDqkfPQdh3kzcE3zhX2Io1kl_Y4sDqLr2_03TiK2eA==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 21:50:39 GMT
age: 1660
etag: "e8c98891a1ffdbb6d30cf8746e067d56fe65d964"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c8939ac-5249-469a-92a8-f7d39e16fd0c.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c8939ac-5249-469a-92a8-f7d39e16fd0c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9725cb9ee354d9c9ca233288e3621ed
5e1ca2a4695fa9e4e6e69b5a5cb05c8ce43244fb
c03a0ed04efe13a15b6a0a05848473de9f5196c26096579b99475b22df2a7c4a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c8939ac-5249-469a-92a8-f7d39e16fd0c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10248
x-amzn-requestid: c53c08eb-adf7-447d-b303-759b6419a2bc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ClU6GHD4oAMFcww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6425350d-7a6494c770dd83f17e839234;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 07:06:53 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: 8ReqCnX98wfim_pADgR68l76iJctnAwKTv-1qtbnNSmKZ8fQTfrHdQ==
via: 1.1 53ee82a7eb57de316cba44c26680b4a6.cloudfront.net (CloudFront), 1.1 aa623e134417515bd2496cb01d5e5626.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 07:25:20 GMT
age: 53579
etag: "5e1ca2a4695fa9e4e6e69b5a5cb05c8ce43244fb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: 526d70f5-3eab-410e-97d4-e489e152bd43
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cl6tIFhxoAMFa-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64257186-14e697b924e79d1e5bc6d040;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 11:24:54 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: qKEs-bdLIfTk7TjXU0kLNzqEBDhhUXkX_osB-9p5LdfJfUbo8LwyuQ==
via: 1.1 4b800f7fa2c3fbb9f4f3c505b0df315e.cloudfront.net (CloudFront), 1.1 d16c3f15bd14953a9d4109eaaa991de2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 01:27:32 GMT
age: 75047
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg
34.120.237.76 200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 613b90b49678a72443e992713b7eb711
f4216e9b06d9cb62aadfafce434789a3cc5d1fe2
7cb101a12e824bf26552b2aaeb00df0e3f239c254168b9dee65192b484f1b61e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4697
x-amzn-requestid: 800eecdb-6883-4266-a476-7e3ce7985d3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ClVE3HmcoAMF9cg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64253552-6ee0d63805e7a9631efa30fd;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 07:08:02 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: coKmHNJLD7miKkRqU3JiHYurjgK5WSnLuwTfw9uNohVOXv-7XjVatg==
via: 1.1 304b956e2039e07753fa39109152d594.cloudfront.net (CloudFront), 1.1 174acb08636ac7d9e9a778bbf1bcbc52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 07:45:25 GMT
age: 52374
etag: "f4216e9b06d9cb62aadfafce434789a3cc5d1fe2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 800c2662fd6ab8829a02b7d63084c38d
0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239
76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: 5d5a94f5-db2f-4c4c-9c9f-08c14b0ccd80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm7NG2NIAMF-sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751e1-57c957f442c42fe148e66831;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:25 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: KkjS04mCLqFET4v9-sePYK-zcztrds608GECT1Fxz3BEpslgxnpLOg==
via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 21:38:49 GMT
age: 2370
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
1win-cdn.com/js/80794.1b3c3f334.js
104.26.5.11 200 OK 2.7 kB URL HTTP/2 1win-cdn.com/js/80794.1b3c3f334.js
IP 104.26.5.11:0
File type ASCII text, with very long lines (7914), with no line terminators
Hash b7b040611e1d8055e262f344f067a7f1
e6b382fda0080c2325e86003b88d5990a9b81aa4
908952fcebc6f7f1375560db973fd6bfd04b75a15ae1d1fbb6b6855adfdb71e5
GET /js/80794.1b3c3f334.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=7958
access-control-allow-origin: *
etag: W/"64117956-1f16"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 15 Mar 2023 07:52:54 GMT
cf-cache-status: HIT
age: 1519796
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7ZAeQ3Zb7LD73OvYg6oCdMvnSSUfnCkCS7kDgr%2BN72QqksFCYASOWYsSKzHK8V7pI7Ds9BXU%2BJ9eyr8chKanKqYqCFue9WCyY69%2BWtxKuNK26ciz2VQqoZaLjJ8ZBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b14350d1c45b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
api.amplitude.com/
52.12.237.161 200 OK 7 B IP 52.12.237.161:0
File type ASCII text, with no line terminators
Hash 260ca9dd8a4577fc00b7bd5810298076
53a5687cb26dc41f2ab4033e97e13adefd3740d6
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
POST / HTTP/1.1
Host: api.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 1099
Cross-Origin-Resource-Policy: cross-origin
Origin: https://1wmdru.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-methods: GET, POST
trace-id: Root=1-6428adab-224b7dde360ac5c8686e237e
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
1win-cdn.com/img/present-with-light.bd57fb068-151.png
104.26.5.11 200 OK 6.7 kB URL HTTP/2 1win-cdn.com/img/present-with-light.bd57fb068-151.png
IP 104.26.5.11:0
File type PNG image data, 151 x 161, 8-bit colormap, non-interlaced\012- data
Hash 6e2f4fff39b3a495fecefe5fee863c51
d358f1c8d7fe7298feea325c7ea6d145a3634026
4800fa860802fd0e46629776201afccd5adc1bf6b8b5a45a5e7c46d8d3b2a690
GET /img/present-with-light.bd57fb068-151.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: image/png
content-length: 6732
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
etag: "6409c316-1a4c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2001332
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q3OsCHco4T1a%2B00ufoloPYllSE7AScVrH4un9%2BCT%2B7iNQ8g2GVfHB2IBcx0K%2FD%2BOEjoXq94gZeK%2FQq%2BgcdY6TitjmqiwhyHHN3JVWeEIFi8j5KS5B%2BGmVDxL1WHllw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435129bd0b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png
104.26.5.11 200 OK 4.5 kB URL HTTP/2 1win-cdn.com/img/sprite-tvbet-frame@2.52cde99d0-256.png
IP 104.26.5.11:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash 40212134fb58f842529fa66647f1b7d2
e6d355ea609129942cde7b9d47e587ae5cc8596c
c04666bc555dfa0fbd2b5da4984cb813b58eab772e1fa1efa2fd2e62c6d11f7b
GET /img/sprite-tvbet-frame@2.52cde99d0-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/png
content-length: 4458
last-modified: Fri, 10 Mar 2023 09:46:26 GMT
etag: "640afc72-116a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1944913
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZWsbtU%2FEMTtAuewiMsrpo%2Fl1lxmdPFAxgaUJjliCNnGgUcN7ee7CGUOsR%2BmBpCohUD1dpXkfMrDXAsxvSbYr0fXvTAuN%2Bd0S0m58eGGwPtkNhr%2B00LA7xLWBrEOj%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c71b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/free-money-link-image.4433e4971-120.png
104.26.5.11 200 OK 6.3 kB URL HTTP/2 1win-cdn.com/img/free-money-link-image.4433e4971-120.png
IP 104.26.5.11:0
File type PNG image data, 120 x 97, 8-bit colormap, non-interlaced\012- data
Hash 8c77c77c33189721a876fefeadf5ca83
0b197aa9e55fe824b28e55b9e0591f8631b6c3c8
b2a4295182c1f7c9619a4d2f842be12f4cbc6c4bb8d2ea607f06ff3bc4099486
GET /img/free-money-link-image.4433e4971-120.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/png
content-length: 6292
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
etag: "6409c316-1894"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2001333
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KmaiqOSHaic1Kf2kcxVhiBZiAFLOgT4ZcYdZ7O7pMBeD%2B%2F%2FKDxrQHep8pgjwSsoE2ijZPylxL3waWm%2FmCvPeaDjJ42m5s3y%2BOcO8MfzEn3GpRFf2p9vwtI6z3Ix9lA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b143512fc67b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png
104.26.5.11 200 OK 30 kB URL HTTP/2 1win-cdn.com/img/sprite-roulette-frame@2.76ea5a241-256.png
IP 104.26.5.11:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash fa83f73358ed73cbd8a0faf0d8e6c019
586b95f1e5e1945abd0248e995f79274463c1cd8
ede3848497b96e7defd4c5d53133cf2e374487411186a66a6146191ae5692f77
GET /img/sprite-roulette-frame@2.76ea5a241-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/png
content-length: 29770
last-modified: Fri, 10 Mar 2023 09:46:26 GMT
etag: "640afc72-744a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1944913
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fadyh3298UT11NFOfVzu6JI2k7601ugmG%2FuUrDBnTYEVaNeqZQlqPLYWRP6Ln2vcR4eSaGBTab4xo9HFqPddZnUTLLG96fAbHiKWARW%2BOuAxK7QUBOJ74mXDSLYXjg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c77b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp
104.26.5.11 200 OK 354 kB URL HTTP/2 1win-cdn.com/img/sprite-tvbet@2.888adc8ee-256.webp
IP 104.26.5.11:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 354 kB (353842 bytes)
Hash 8df817e5ef0af5dc8279d3f20cae9bc3
12c85bcc74a48053c92f3f75ce3c14e1a19e46d3
61a0f98511e6c60430ab044d1f80e1c9eff83f577064d465cc5f893ba3ce0fee
GET /img/sprite-tvbet@2.888adc8ee-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/webp
content-length: 353842
last-modified: Thu, 30 Mar 2023 11:02:41 GMT
etag: "64256c51-56632"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 2940
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lk29aJjuPBYC5yHahK%2FzAXuPeyZN7admsPO8MdH3mxeBkd7DABmikuehd1gZJMZKvtAAFG5qWDj1NRXKQS7qoUJzptyWthbZdxJ2XNAeG3SjDQynclTH47vOwT595w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c75b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png
104.26.5.11 200 OK 17 kB URL HTTP/2 1win-cdn.com/img/sprite-dice-frame@2.8e0d70675-256.png
IP 104.26.5.11:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash b5469917695caf597285ce3e08c0e314
8d6b57a1590baf7531d688d5dde729ede7d02108
3353862bc343fe2f92faf7e59595d9aa80d2fbdc90c6677437daf3a9acd84b32
GET /img/sprite-dice-frame@2.8e0d70675-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/png
content-length: 17269
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
etag: "6409c316-4375"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2001333
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y2cnAT3XJINkR5KYzROjHahDMflRSefoH23rLckKdaM6yiHkLIDUGE63kOKU4TbtJaP4GxN%2BSR64nSVC25Lh1QmFevnDYAYqKLNzQqqTYYSa1jv4U3j5wnj3sne%2FDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c7db524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-poker-frame@2.1caa31af7-256.png
104.26.5.11 200 OK 10 kB URL HTTP/2 1win-cdn.com/img/sprite-poker-frame@2.1caa31af7-256.png
IP 104.26.5.11:0
File type PNG image data, 256 x 256, 8-bit colormap, non-interlaced\012- data
Hash 74023900d89b98987ea3248f4a89a218
4ea53a2415cf89647c40a32c69b50bde861a40ed
484183c9f4d5b2d68649d3025af4d2b95a5cb71f40a1cf960d62e0e3560162ab
GET /img/sprite-poker-frame@2.1caa31af7-256.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/png
content-length: 10453
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
etag: "6409c316-28d5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2001333
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rQFVagJ0TBzEWypzU2y04FLtg5vjo%2B%2FjqHvaTqAGFxHuFUkEGSo30Q8Ga6xQtt8n8DcTR%2BvucGqRDNfOkSSIO5L6KpqMQ0p3B%2FMoN6B6l0r%2F1Hug0BG7y%2FOFbQeybw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c7fb524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp
104.26.5.11 200 OK 361 kB URL HTTP/2 1win-cdn.com/img/sprite-poker@2.a38733e7a-256.webp
IP 104.26.5.11:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 361 kB (360930 bytes)
Hash 3da44652926631bc4fc847cfcbad6c71
a5f7955272162e543d5db897e200d00d3af22b22
354fe37cee669fe141e1e1dcb3b5a12df1ff2b9b34be38b4f2e20dd46fdb7d2a
GET /img/sprite-poker@2.a38733e7a-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/webp
content-length: 360930
last-modified: Thu, 30 Mar 2023 11:02:41 GMT
etag: "64256c51-581e2"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 2940
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VDRahM7mhJqLeNK697LnU6mPqUdVGHnnjJP8xQu3eehQZCa7O6JjAgwdLzKK5xE0r9KGy8doxN4LYQq8Rszk9BtLgdWd6p9ZuOzNmuY1Rqzbzdk3gxPYXmrrzTARLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c80b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp
104.26.5.11 200 OK 430 kB URL HTTP/2 1win-cdn.com/img/sprite-dice@2.6e1ac0ed1-256.webp
IP 104.26.5.11:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 430 kB (429680 bytes)
Hash abaa6833958bdc5427e6fa573cbfa70a
d43989916cc382e4e3d983933d9cd52a7d1dbeb2
51ba8ea694483e38020360731af53be7cd411671786008119b70b2a320e3bd92
GET /img/sprite-dice@2.6e1ac0ed1-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/webp
content-length: 429680
last-modified: Thu, 30 Mar 2023 11:02:41 GMT
etag: "64256c51-68e70"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 2940
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fI8nLmq9v5EUAyHTjS8CUOCZ%2FoiW%2FGDVuuYQgjCmiluJOmSrnwbCtDOnirtvS72nxcVEvHBPnmFFM0rjsLNXxd5nyCL6loWnhqGfjCXPpJrYNho%2BMVCh2Qn6ZpqQFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c7eb524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/sprite-roulette@2.255074856-256.webp
104.26.5.11 200 OK 720 kB URL HTTP/2 1win-cdn.com/img/sprite-roulette@2.255074856-256.webp
IP 104.26.5.11:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 720 kB (719644 bytes)
Hash 344d71695bd0f387fedd84fba6ace2c1
1d37e2d66ab1098072febc0a0dc3769d44090048
7775854f4b641fa2c9f954c79de9d4bd51ffea8b9bc74d8e01768718cc438003
GET /img/sprite-roulette@2.255074856-256.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/webp
content-length: 719644
last-modified: Thu, 30 Mar 2023 11:02:41 GMT
etag: "64256c51-afb1c"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 2940
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vAOJu9OZe%2FmBSJIodqk051vLX0tqzcBssRdCvD3rUdwAVa2MBk9Vyrh%2F3k4w1LxcaO1V7myDV%2BYUmiCbkOdCiBDvF6%2FtTq4njKnUADD8jCyf81i%2Fb%2Bwmd%2FprytXOcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435130c79b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/pwa_android_en.b229a444a-690.png
104.26.5.11 200 OK 38 kB URL HTTP/2 1win-cdn.com/img/pwa_android_en.b229a444a-690.png
IP 104.26.5.11:0
File type PNG image data, 690 x 450, 8-bit colormap, non-interlaced\012- data
Hash 8b6daeaca5784288934eb5c3dbc3401d
2df52222cb03510733d5f5c616278143e7f93f2d
53ee238e1169d7940016da0159e72a214403576447cf1b8cb384942a6200d191
GET /img/pwa_android_en.b229a444a-690.png HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/png
content-length: 37637
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
etag: "6409c316-9305"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2001333
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=unYokKCJRJ3YEzDX%2FUxQbhS7FX1GPhpyR9V%2BskNSfGRE9oUZ3yljJHYnYxhsW2T4YIXk5xTIxxsijDo%2B%2FAU9nk%2FKlGxn5EizE%2FQ2rgcBg4yRmqnwGgGoovd2rucddA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435132c97b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/jetx.64787fc5c.svg
104.26.5.11 200 OK 45 kB URL HTTP/2 1win-cdn.com/img/jetx.64787fc5c.svg
IP 104.26.5.11:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (8774)
Hash befd3e4bf0caafa485b64a5a14718dd0
2b973a919b0601d0e99a014cf794051c2753f36d
9f687da9f939c45ad98d0a59d5220cb6ac927f1e6a2e17218d782cebe56b7728
GET /img/jetx.64787fc5c.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: image/svg+xml
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
etag: W/"6409c316-33f5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2001332
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QLuomZfqiK9glGhSJEPRsrNHYM91vsvIEAN5wUKWbcU8xlSozw0gV9GW%2FC%2FKJqSdeNPcBgSgp%2FnKHI8HKOzTe9u8LUynpMmftnLeIjSoMmrqv6NNyldYM0ye9qJnKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b143512bc18b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/img/home-poker-banner-bg.87d818974-600.webp
104.26.5.11 200 OK 12 kB URL HTTP/2 1win-cdn.com/img/home-poker-banner-bg.87d818974-600.webp
IP 104.26.5.11:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash d42d6b091c917baad89cc62f34b1ef8d
6915e60ae50f4b00af5083ce1217a7dab04df42d
9ac95cc43cf590f1f9a5dd85b5b0bf04d98e38d3005b6e4b436f8c04d09a66e9
GET /img/home-poker-banner-bg.87d818974-600.webp HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/webp
content-length: 11812
last-modified: Thu, 30 Mar 2023 11:02:42 GMT
etag: "64256c52-2e24"
x-frame-options: DENY
cache-control: max-age=14400
cf-cache-status: HIT
age: 2940
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oAuQL83Vgt7Tp2gpVpnXLvPfGGfjI5mirLXvTzujwSsUN8CcGXOxXrVICXYFSgTb1nF1L3OVG6gA1g571AFHwKMWdLNKmID7CizujiyqRPAxtYP9yjIL5MB%2FbMwIXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435132c98b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg
104.26.5.11 200 OK 9.5 kB URL HTTP/2 1win-cdn.com/img/aviator-game-logo.2fb50dc03.svg
IP 104.26.5.11:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2997)
Hash c91225bb6943f3c7ccd2962784aae937
6d53885c4d91257844370429cd3cb75dc1b79e77
dbc8060ea4d9772065e60903c2d1f4a35ad148fa5beca919b436edfdabcd29d1
GET /img/aviator-game-logo.2fb50dc03.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: image/svg+xml
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
etag: W/"6409c316-bfa"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2001332
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wqlUeTFgiDcBEO4b4kKwFtcIzvXmZILEufexwSN04bVP7SVKIC42XRaNFhD0TGTzyclujXQI27l6zwQyp0kEIsXrL5IBOcZRBOAsCh%2BtuFW84OV72Ocu2HbMqU2nVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b143512bc11b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-deposit.png@avif
104.26.5.11 200 OK 4.3 kB URL HTTP/2 imgproxy.1win-cdn.com/unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-deposit.png@avif
IP 104.26.5.11:0
File type ISO Media, AVIF Image\012- data
Hash 22a160f55908549771f823852d5eaeea
267d86356fc72824681f08d9fd1207b77530c08d
bb19dc50ecc9dd60ce8760b73843ce465df86b78a76de6a924c813fc770a2f23
GET /unsafe/banner_desktop_main_1x/plain/https://1win-cdn.com/banner-files/bonus-banner-deposit.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/avif
content-length: 4323
cache-control: public, max-age=31536000
content-disposition: inline; filename="bonus-banner-deposit.avif"
etag: "afr-jhlkuoDx_XrwjiuFbkzj6HdVsjvDmAeQvV8BbYs/RIjYxYTRlY2UwLTU0YWIyIg"
expires: Mon, 03 Apr 2023 20:38:57 GMT
x-request-id: k_UiPjjC7eUn-KF9U943Q
x-cache-status: HIT
cf-cache-status: HIT
age: 364241
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ia%2BQLzT%2Fz3EZqUQ%2BygFkVq1MD02yQZw1uBK0x3yHIzLupAI%2BANXHC0Ab6h1u8id8D5WkdBS%2B9km9gYQAnK%2B9FPopIlxJaaoC0vVSlJ7pdEWYIzvMlCs%2BjUSKulCO9PpXx%2Bt6hZIjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435136cd7b524-OSL
X-Firefox-Spdy: h2
1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2
104.26.5.11 200 OK 17 kB URL HTTP/2 1win-cdn.com/font/SFNSDisplay-cyrillic.e423f3776.woff2
IP 104.26.5.11:0
File type Web Open Font Format (Version 2), TrueType, length 16852, version 1.0\012- data
Hash c4f31a30bdf4dbced79fb75fc03111cf
14765799051deb933539e19f1ffa26198cabd4c1
cded98e2b95ccbf34690d20e4d466e2457d754f960b819d052d188dae2c9e9fc
GET /font/SFNSDisplay-cyrillic.e423f3776.woff2 HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wmdru.top
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1win-cdn.com/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: application/octet-stream
content-length: 16852
last-modified: Thu, 30 Mar 2023 11:02:41 GMT
etag: "64256c51-41d4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ctarx1fESJxePuIFSlZsnPW0tqkQ7Z2CRfAJUz514dDDhGhEdI6P31j7E2ggWzaUzPVCQVmIO8ck5k5xdtUUFXkrvkmCYk2wAV2jFSjWB8rgvTsvYcX7MXmA1YYyNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b143512fd370b55-OSL
X-Firefox-Spdy: h2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/5b4ab347-f37c-44e4-93e6-2c1c0efa069e.jpg@avif
104.26.5.11 200 OK 5.3 kB URL HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/5b4ab347-f37c-44e4-93e6-2c1c0efa069e.jpg@avif
IP 104.26.5.11:0
File type ISO Media, AVIF Image\012- data
Hash 76a502c1036d076e2317739f0cc878d8
480303b6e1e68b1d04e998d9bcd26224429db376
e377abb67003f9b87b6c67e87b9814b99bb3c1de68f286546d9af4e6d6377351
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/5b4ab347-f37c-44e4-93e6-2c1c0efa069e.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/avif
content-length: 5302
cache-control: public, max-age=31536000
content-disposition: inline; filename="5b4ab347-f37c-44e4-93e6-2c1c0efa069e.avif"
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYzOTM2OTc5LTJiMmQxIg"
expires: Sun, 02 Apr 2023 20:17:48 GMT
x-request-id: zPhgdY5gWvkg4vM7pvWq-
x-cache-status: HIT
cf-cache-status: HIT
age: 486536
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UOU1jSnxsQkf5kdHEyEkdNwdq%2B%2FKmlPZY8sdCJyySru4GDxxePnUXAyGd6vunbPJfBEy7B0f1YtdMXpVgzyYpItwqI9wJUDSS01YTXJpLZXrLEyan7CBm9JqQKbUk%2Fkg5UOiRmryMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435143dd7b524-OSL
X-Firefox-Spdy: h2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/81c5273a-ebb1-47f6-8535-6376c353ea74.png@avif
104.26.5.11 200 OK 3.6 kB URL HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/81c5273a-ebb1-47f6-8535-6376c353ea74.png@avif
IP 104.26.5.11:0
File type ISO Media, AVIF Image\012- data
Hash 38274844df1004bd9a0e2ebaa78fc880
ef316b9b62257b1e930eb064f30c1baecd86f2b9
5d128fbc4ca805ffd77a5d0c93ed6c15e548157d1b6a68b16c2849a98799a6a6
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/81c5273a-ebb1-47f6-8535-6376c353ea74.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/avif
content-length: 3601
cache-control: public, max-age=31536000
content-disposition: inline; filename="81c5273a-ebb1-47f6-8535-6376c353ea74.avif"
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYzOTM2OTc1LTY1Njk0Ig"
expires: Mon, 03 Apr 2023 21:47:23 GMT
x-request-id: 3_3K_XaC4gvPsdkGmWl7c
x-cache-status: HIT
cf-cache-status: HIT
age: 355614
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oWesQ3mdef%2BC6MjgSwjChznvcqk6zWTORKRavbtHn4k1b%2FK%2BQdLJCjuQbEvme00JS5Ga8Lc58E15XGyFis5qCjKcC7se%2B75iJB2ONossE%2BvYJSYKWpkjOGOPmxmArufB%2BjD%2Fth4o7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435143dd9b524-OSL
X-Firefox-Spdy: h2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/576a0d3a-0df0-4a5b-ac90-7e9f2ab73407.png@avif
104.26.5.11 200 OK 4.3 kB URL HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/576a0d3a-0df0-4a5b-ac90-7e9f2ab73407.png@avif
IP 104.26.5.11:0
File type ISO Media, AVIF Image\012- data
Hash d5f05284c21b7798248cd9fa99bfd299
bf9b3b55c3aa5508d51c2935e6494a6f91fb21b9
85a15ca1b3ad7e7569214ac1e02596a70b806eccd8ebf2b9fb079ca53986a0d4
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/576a0d3a-0df0-4a5b-ac90-7e9f2ab73407.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/avif
content-length: 4304
cache-control: public, max-age=31536000
content-disposition: inline; filename="576a0d3a-0df0-4a5b-ac90-7e9f2ab73407.avif"
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYzOTM2OTZmLTIwOWY5Ig"
expires: Fri, 07 Apr 2023 17:37:27 GMT
x-request-id: jBTwP1UWLpMT8tFrsYKax
x-cache-status: HIT
cf-cache-status: HIT
age: 102126
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SG2BHOjejIM4LSqfDchMOcwTlsgsRpafioqhsfHWy5kZrdSVF0ec6MFS%2BPR3UPryoB8EXCYAfw717GN6P9S6zhKiO2ofo2Xm53zYzTcCR9Tk2bAclrBMGYApDwH6g%2F22OjLZnSGEfA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435143dd8b524-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 02c95981e800dd9363a6d19dae24da1e
21059a3e85170b78c401f344a2cc11359afe51d9
c50c93dbf298c3c2e641e178f9c43680c1989bb2a06bc2db723484a7da223cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/f736e1ff-fdf7-40e5-93b5-2daa1b472e4d.png@avif
104.26.5.11 200 OK 3.3 kB URL HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/f736e1ff-fdf7-40e5-93b5-2daa1b472e4d.png@avif
IP 104.26.5.11:0
File type ISO Media, AVIF Image\012- data
Hash bbb2a9093140015e4ebcb4b1ade5b171
dc35c677bb7d9b9e222f93e844793afc4fc06b2a
769a8489bc32f748e268b35024e9726719ef2a65d32665b0a5a54ca6d28789d9
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/1play/f736e1ff-fdf7-40e5-93b5-2daa1b472e4d.png@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: image/avif
content-length: 3255
cache-control: public, max-age=31536000
content-disposition: inline; filename="f736e1ff-fdf7-40e5-93b5-2daa1b472e4d.avif"
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYzOTM2OThiLTFiYzYyIg"
expires: Mon, 03 Apr 2023 21:02:17 GMT
x-request-id: yhDgjau2hqJoacHHecauB
x-cache-status: HIT
cf-cache-status: HIT
age: 355613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m9md%2FnO%2FGNtxdPnerabZXrEedqf%2FcqtcJU6SlfFMXEomGcq0gwgzGXwmIXaFQJvyIpJrkJHo%2BEpZGGzrCxZBaFxJfdqlJifH49140NnSGUuw6m19%2Be204S5Miy8%2B%2Fw3QUfFHO6tSaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435144ddeb524-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 02c95981e800dd9363a6d19dae24da1e
21059a3e85170b78c401f344a2cc11359afe51d9
c50c93dbf298c3c2e641e178f9c43680c1989bb2a06bc2db723484a7da223cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1win.direct/microservice/ask
134.122.54.186 200 OK 2 B URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wmdru.top/
Origin: https://1wmdru.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wmdru.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Sat, 01 Apr 2023 22:18:20 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=41b8e7fa1b6b4092; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2
1win-cdn.com/js/icons-pack-home.fc24cebca.js
104.26.5.11 200 OK 4.8 kB URL HTTP/2 1win-cdn.com/js/icons-pack-home.fc24cebca.js
IP 104.26.5.11:0
File type ASCII text, with very long lines (16899), with no line terminators
Hash ed3539cc8c7458b9b76ccd7e117ed1d8
0b32eadf2ac0017860de27ef245972bd4209ccda
1fa03000eea62a9985c4b2016c0b7748ca708471b4e5bfdd8c0fc69ba7275ccd
GET /js/icons-pack-home.fc24cebca.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=16953
access-control-allow-origin: *
etag: W/"6411b433-4239"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 15 Mar 2023 12:04:03 GMT
cf-cache-status: HIT
age: 1504824
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o7iHHvopZXfdUcIAxr4sFlw62WoWnMZsfmUoJCFNY9IJEUG4yO7%2BC6TYafUtObDo86d0e8Jd8TEZJKA2mJb4mkHgSzmSQzHz8qpzkBOwY8nrhhb%2F7sJhHurRoi%2FKNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b143512fc61b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186 200 OK 2 B URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wmdru.top/
Origin: https://1wmdru.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wmdru.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Sat, 01 Apr 2023 22:18:20 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=4c2fa7d910e63cce; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 02c95981e800dd9363a6d19dae24da1e
21059a3e85170b78c401f344a2cc11359afe51d9
c50c93dbf298c3c2e641e178f9c43680c1989bb2a06bc2db723484a7da223cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1win.direct/microservice/ask
134.122.54.186 200 OK 2 B URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wmdru.top/
Origin: https://1wmdru.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wmdru.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Sat, 01 Apr 2023 22:18:20 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=8284bc123316e125; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 02c95981e800dd9363a6d19dae24da1e
21059a3e85170b78c401f344a2cc11359afe51d9
c50c93dbf298c3c2e641e178f9c43680c1989bb2a06bc2db723484a7da223cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 02c95981e800dd9363a6d19dae24da1e
21059a3e85170b78c401f344a2cc11359afe51d9
c50c93dbf298c3c2e641e178f9c43680c1989bb2a06bc2db723484a7da223cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1win.direct/microservice/ask
134.122.54.186 200 OK 2 B URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wmdru.top/
Origin: https://1wmdru.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wmdru.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Sat, 01 Apr 2023 22:18:20 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=89f5e7df7c7bdb73; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2
1win-cdn.com/js/icons-pack-payment-full.bf64465a7.js
104.26.5.11 200 OK 22 kB URL HTTP/2 1win-cdn.com/js/icons-pack-payment-full.bf64465a7.js
IP 104.26.5.11:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 0ad6c8caabba097d1374cccd758e50c3
1a20eb83455facc4e1bc689a49b3b712e24a938a
402d7a278146e631da47a25f928afbe25091ee282a945d4d80626389eeea049a
GET /js/icons-pack-payment-full.bf64465a7.js HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=112400
access-control-allow-origin: *
etag: W/"64132cea-1b710"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Thu, 16 Mar 2023 14:51:22 GMT
cf-cache-status: HIT
age: 1373065
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PK3%2FFts%2BaBVlP42ndRJolzmumlVf6LBewKzoG1Tn%2B9P0PVjZhrhw2jHbKEnB992b2ez5YfxmSx9YAOoIT5%2FO5IPqDAjdOH7lodbpib3tUBTOIpPWiNeFNu8pEZ5ObQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b143512fc64b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=8397183268278;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2F
142.250.74.162 200 OK 247 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=8397183268278;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2F
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (448), with no line terminators
Hash bafd7b569533f1288bdd2d977c3c864a
3088a8bd6b66f8869aa2421d1e6467f7e221b928
d231b575d66211f53e24368b746d7735adfa56378f97dd84732701ce8b3d54a6
GET /ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=8397183268278;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12688802.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 22:18:20 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 247
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=3816383103974.262;~oref=https://1wmdru.top/
142.250.74.162 200 OK 276 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=3816383103974.262;~oref=https://1wmdru.top/
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (519), with no line terminators
Hash 974040d94f32a087c57cb7efd5cebd79
dc5fcbf3e47a2816a94467a95b2353b95aacf923
709519e36b6e3854bfa1bcc64ae766c47f4da8a6e91a109a6daf31e3ad01900d
GET /ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=3816383103974.262;~oref=https://1wmdru.top/ HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12572451.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 22:18:20 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5313735779699.452;~oref=https://1wmdru.top/
142.250.74.162 200 OK 276 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5313735779699.452;~oref=https://1wmdru.top/
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (519), with no line terminators
Hash 68791d88579f248b450d171041508b11
67ec390aa2095f069ff059b0f9b40d580c3c020b
ff44f20c38593d35e023b71ee8c6b7c1477fd1fca2363ac59f7f662c4a202fd0
GET /ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5313735779699.452;~oref=https://1wmdru.top/ HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12572451.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 22:18:20 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186 200 OK 2 B URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wmdru.top/
Origin: https://1wmdru.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wmdru.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Sat, 01 Apr 2023 22:18:20 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=45682985cc3475c0; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186 200 OK 2 B URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
OPTIONS /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1wmdru.top/
Origin: https://1wmdru.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wmdru.top
access-control-expose-headers: Authorization
content-type: text/plain; charset=utf-8
date: Sat, 01 Apr 2023 22:18:20 GMT
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
set-cookie: core-sticky=abed777a6d3978f6; Path=/; HttpOnly
x-powered-by: Express
content-length: 2
X-Firefox-Spdy: h2
1win-cdn.com/img/flags/en.svg
104.26.5.11 200 OK 983 B URL HTTP/2 1win-cdn.com/img/flags/en.svg
IP 104.26.5.11:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 065276d4b62d36e93b2dd0eb2ea8673e
99b61bf9ba1bf3399f94bea24303e47a0d7867ef
17d79cc9ace6bbbfdd6eb7f1d451ea35121b31c7b3613d221ec58ac11c59c180
GET /img/flags/en.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: image/svg+xml
last-modified: Mon, 23 Jan 2023 10:56:34 GMT
etag: W/"63ce67e2-8ae"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 5915089
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6QtOvhYOJYni9RYdm6l%2FvccZcrofJUSbiABdgfqeA5UG2a%2F6izLJqc1T1yBnjF68z8yYds4CR81DkuDCSB0JLhCkwQmDNd5G9IdWineRrtKhgjYNM7GoTQH%2FObiscw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b143512abe1b524-OSL
content-encoding: br
X-Firefox-Spdy: h2
1win-cdn.com/img/lucky-jet.f927485da.svg
104.26.5.11 200 OK 2.0 kB URL HTTP/2 1win-cdn.com/img/lucky-jet.f927485da.svg
IP 104.26.5.11:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1830)
Hash 8b01b19bdf5edc8b24c2f1ca738d63c1
cdd3fbf39801d7dc3bae0c3ae2fe1d572f4f6ecb
61d0537c1b5afe641f9191234df0e333e5163256a394e2c5c9e217239e96d504
GET /img/lucky-jet.f927485da.svg HTTP/1.1
Host: 1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:19 GMT
content-type: image/svg+xml
last-modified: Thu, 09 Mar 2023 11:29:26 GMT
etag: W/"6409c316-f8d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 2001332
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nooc6UqH1O5rH8vKS1qEs073s94HPUHzN8Pk68PadD1m%2BSLaMFYDMj1ohivtp1NMlYMQqkaRQB16ZE8wDM98no0zLmYilCeds%2BG5mu86XhkEP5o6f7Yu6JCe5m%2BSUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b143512abeab524-OSL
content-encoding: br
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=4046254839481;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2F
142.250.74.162 200 OK 247 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=4046254839481;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2F
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (448), with no line terminators
Hash f2ab940350df1cae6d71aabd69430122
772deb67d5f3734d572d3c5e932d7d57331f7f6e
795d4ab4c54dfe194696dccae937a3c75bea0c832d95f7fc4afe7fdfc91c078d
GET /ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=4046254839481;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12688802.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 22:18:20 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 247
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186 200 OK 2.7 kB URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (43478), with no line terminators
Hash 3169ae0d2b2e17707f473acb57f5cfae
c7e7263c7d195ed9b9cec15f4f621a0af0b5c5e2
40a1610656ac04061c2aa32ba00fa386724055dc7ebbe74d2dc1f215e9f340ba
POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 71
Origin: https://1wmdru.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wmdru.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sat, 01 Apr 2023 22:18:20 GMT
etag: W/"a88-x+cmPH0ZXtm5zsFfT2IaCvC1xeI"
set-cookie: core-sticky=25ef8d5c1d842c0b; Path=/; HttpOnly
x-powered-by: Express
content-length: 2696
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186 200 OK 2.7 kB URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (43478), with no line terminators
Hash 3169ae0d2b2e17707f473acb57f5cfae
c7e7263c7d195ed9b9cec15f4f621a0af0b5c5e2
40a1610656ac04061c2aa32ba00fa386724055dc7ebbe74d2dc1f215e9f340ba
POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 71
Origin: https://1wmdru.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wmdru.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sat, 01 Apr 2023 22:18:20 GMT
etag: W/"a88-x+cmPH0ZXtm5zsFfT2IaCvC1xeI"
set-cookie: core-sticky=3b2809a6d6e818d4; Path=/; HttpOnly
x-powered-by: Express
content-length: 2696
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186 200 OK 3.4 kB URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (17791), with no line terminators
Hash 5982057929deda0e47824cf237b97b2a
5d3603903456519945fe2723c6c5620b7a714074
960a8653f6a4693e7357e580b800ec615f0fc93dfd475f3e02573fdb10cd1f20
POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 101
Origin: https://1wmdru.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wmdru.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sat, 01 Apr 2023 22:18:20 GMT
etag: W/"d41-XTYDkDRWUZlF/icjxsViC3pxQHQ"
set-cookie: core-sticky=eacfcb9283451c19; Path=/; HttpOnly
x-powered-by: Express
content-length: 3393
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186 200 OK 3.4 kB URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (17791), with no line terminators
Hash 5982057929deda0e47824cf237b97b2a
5d3603903456519945fe2723c6c5620b7a714074
960a8653f6a4693e7357e580b800ec615f0fc93dfd475f3e02573fdb10cd1f20
POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 88
Origin: https://1wmdru.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wmdru.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sat, 01 Apr 2023 22:18:20 GMT
etag: W/"d41-XTYDkDRWUZlF/icjxsViC3pxQHQ"
set-cookie: core-sticky=d9ff2d6049763a8f; Path=/; HttpOnly
x-powered-by: Express
content-length: 3393
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186 200 OK 16 kB URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash bed375c6bd77dd8c86028623a860d239
9221a6ad0c1896e423c978cd2e503c48ccdb9149
91fe1797116990b9bbba0b9838f20e854bb9d6da0d011c4932ff6ee0db1460c9
POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 67
Origin: https://1wmdru.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wmdru.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sat, 01 Apr 2023 22:18:20 GMT
etag: W/"3ff8-kiGmrQwYluQjyXjNLlA8SMzbkUk"
set-cookie: core-sticky=51bb0d365f2cc9d6; Path=/; HttpOnly
x-powered-by: Express
content-length: 16376
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 02c95981e800dd9363a6d19dae24da1e
21059a3e85170b78c401f344a2cc11359afe51d9
c50c93dbf298c3c2e641e178f9c43680c1989bb2a06bc2db723484a7da223cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
1win.direct/microservice/ask
134.122.54.186 200 OK 46 kB URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 39a2cba13fb3a45e7d7094cddff4e979
726d22e88d64568d9164bcc40029921be75bacd0
b86ef4579e3f0d03fcc0eb7310295d49de25d7bfcfbb104299ac66a31f7a253a
POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 85
Origin: https://1wmdru.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wmdru.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sat, 01 Apr 2023 22:18:20 GMT
etag: W/"b274-cm0i6I1kVo2RZLzEACmSG+dbrNA"
set-cookie: core-sticky=ddc097a1e211262f; Path=/; HttpOnly
x-powered-by: Express
content-length: 45684
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186 200 OK 45 kB URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 63a266cfd3b15ec842b3f0aa6e28f780
0c2f12c8e3f4953d7269f35c7a66bb80daaa7c56
bca7961597059b3b1cd717da8ded5072efd959ad5acb6ebadff2613f57dd0411
POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 98
Origin: https://1wmdru.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wmdru.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sat, 01 Apr 2023 22:18:20 GMT
etag: W/"b115-DC8SyOP0lT1yafNcema7gNqqfFY"
set-cookie: core-sticky=9250e14e76aadaf9; Path=/; HttpOnly
x-powered-by: Express
content-length: 45333
X-Firefox-Spdy: h2
1win.direct/microservice/ask
134.122.54.186 200 OK 16 kB URL HTTP/2 1win.direct/microservice/ask
IP 134.122.54.186:0
ASN #14061 DIGITALOCEAN-ASN
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash bed375c6bd77dd8c86028623a860d239
9221a6ad0c1896e423c978cd2e503c48ccdb9149
91fe1797116990b9bbba0b9838f20e854bb9d6da0d011c4932ff6ee0db1460c9
POST /microservice/ask HTTP/1.1
Host: 1win.direct
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 80
Origin: https://1wmdru.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://1wmdru.top
access-control-expose-headers: Authorization
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Sat, 01 Apr 2023 22:18:20 GMT
etag: W/"3ff8-kiGmrQwYluQjyXjNLlA8SMzbkUk"
set-cookie: core-sticky=ab21a4092c9df008; Path=/; HttpOnly
x-powered-by: Express
content-length: 16376
X-Firefox-Spdy: h2
1wmdru.top/common/title?path=bets&lang=en
190.115.24.78 200 OK 16 B URL HTTP/2 1wmdru.top/common/title?path=bets&lang=en
IP 190.115.24.78:0
ASN #262254 DDOS-GUARD CORP.
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
GET /common/title?path=bets&lang=en HTTP/1.1
Host: 1wmdru.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1wmdru.top/
Connection: keep-alive
Cookie: visit_domain=1wmdru.top; core-sticky=http://10.233.80.135:80; amp_494ccc=zZQ43L-3dohFyQM8A6L_m-...1gsvecm73.1gsvecmh5.0.4.4; 1w_lang=en; _gcl_au=1.1.130747707.1680387496; _ga_548949LWLW=GS1.1.1680387497.1.0.1680387497.0.0.0; _ga=GA1.1.75285944.1680387497
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty/1.19.9.1
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: application/json; charset=utf-8
content-length: 16
vary: Origin
x-frame-options: DENY
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je33t0&_p=1487818403&cid=75285944.1680387497&ul=en-us&sr=1280x1024&_s=1&sid=1680387497&sct=1&seg=0&dl=https%3A%2F%2F1wmdru.top%2Fbets%2Fhome&dt=1win%20-%20Loading&en=page_view&_fv=1&_nsi=1&_ss=1&up.platform_language=en
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-548949LWLW&gtm=45je33t0&_p=1487818403&cid=75285944.1680387497&ul=en-us&sr=1280x1024&_s=1&sid=1680387497&sct=1&seg=0&dl=https%3A%2F%2F1wmdru.top%2Fbets%2Fhome&dt=1win%20-%20Loading&en=page_view&_fv=1&_nsi=1&_ss=1&up.platform_language=en
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-548949LWLW&gtm=45je33t0&_p=1487818403&cid=75285944.1680387497&ul=en-us&sr=1280x1024&_s=1&sid=1680387497&sct=1&seg=0&dl=https%3A%2F%2F1wmdru.top%2Fbets%2Fhome&dt=1win%20-%20Loading&en=page_view&_fv=1&_nsi=1&_ss=1&up.platform_language=en HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wmdru.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://1wmdru.top
date: Sat, 01 Apr 2023 22:18:20 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
script.hotjar.com/modules.76304821fe35d593f0f4.js
54.230.111.44 200 OK 69 kB URL HTTP/2 script.hotjar.com/modules.76304821fe35d593f0f4.js
IP 54.230.111.44:0
File type Unicode text, UTF-8 text, with very long lines (50980)
Hash fa9caf97b169b97f64425fac5776898a
799cdbf5060714a92aa991f93202cc55f97ca60c
29c10624673cbf80e30c64190a1bc32131ed5f4be8879fe21e4b68b22a5c24a6
GET /modules.76304821fe35d593f0f4.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
HTTP/2 200 OK
content-type: application/javascript
content-length: 68985
date: Thu, 30 Mar 2023 07:56:07 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "fa9caf97b169b97f64425fac5776898a"
last-modified: Thu, 30 Mar 2023 07:56:01 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GVG0tAW9nwZgMI41loWjJVmQIQm2bwyFhenePTpFvUnUy6zngzbGhg==
age: 224533
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 01 Apr 2023 22:18:20 GMT
access-control-allow-origin: *
etag: "64241f95-2b"
expires: Sat, 01 Apr 2023 23:18:20 GMT
accept-ranges: bytes
last-modified: Wed, 29 Mar 2023 14:23:01 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
api.amplitude.com/
52.12.237.161 200 OK 7 B IP 52.12.237.161:0
File type ASCII text, with no line terminators
Hash 260ca9dd8a4577fc00b7bd5810298076
53a5687cb26dc41f2ab4033e97e13adefd3740d6
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
POST / HTTP/1.1
Host: api.amplitude.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 3048
Cross-Origin-Resource-Policy: cross-origin
Origin: https://1wmdru.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:20 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
access-control-allow-methods: GET, POST
trace-id: Root=1-6428adac-7a79789e681b3ae74c70fc74
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ps250.1win-service.com/push-server-v2/?Language=en&snapshot_time=1680387496254&shouldCompress=true&EIO=3&transport=websocket
104.21.53.47 101 Switching Protocols 0 B URL HTTP/1.1 ps250.1win-service.com/push-server-v2/?Language=en&snapshot_time=1680387496254&shouldCompress=true&EIO=3&transport=websocket
IP 104.21.53.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /push-server-v2/?Language=en&snapshot_time=1680387496254&shouldCompress=true&EIO=3&transport=websocket HTTP/1.1
Host: ps250.1win-service.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://1wmdru.top
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NZrSGG2qeEvsuHfxSorDwg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sat, 01 Apr 2023 22:18:21 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: 8wo6hv2gg0OB2KeGAG/m1Xl76Tg=
sec-websocket-extensions: permessage-deflate
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1srSVlvfsw0M3c0OdXOoKXh0MB7qgOUBEriESQGAHxDXA4FksyJ14fzkgd4j9AV8eGZwnSoR%2F3fQacMkdvkwJOKRPRJ40Lv4mm56aHTkOVn0oBb4lgREsz6U25N6yxe1qQcbJsgn%2FmbH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b143519aa690afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 18418d3f10a64710975ca7b3e16ffc95
40b7c0c3b740fc1fe9e19b9b5348ae1c389e382b
ccf6cda6138b655ea44261ebc452389c887b5560af11720544cd2f2360489f18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 18418d3f10a64710975ca7b3e16ffc95
40b7c0c3b740fc1fe9e19b9b5348ae1c389e382b
ccf6cda6138b655ea44261ebc452389c887b5560af11720544cd2f2360489f18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=8397183268278;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2F
142.250.74.34 200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=8397183268278;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2F
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=12688802;type=actio0;cat=allpa0;ord=1;num=8397183268278;gtm=45He33t0;auiddc=130747707.1680387496;~oref=https%3A%2F%2F1wmdru.top%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 22:18:24 GMT
expires: Sat, 01 Apr 2023 22:18:24 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5313735779699.452;~oref=https://1wmdru.top/
142.250.74.34 200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5313735779699.452;~oref=https://1wmdru.top/
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=5313735779699.452;~oref=https://1wmdru.top/ HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 22:18:24 GMT
expires: Sat, 01 Apr 2023 22:18:24 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/92006234?wmode=7&page-url=https%3A%2F%2F1wmdru.top%2Fbets%2Fhome&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A813%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A912799043802%3Ahid%3A1020009121%3Az%3A0%3Ai%3A20230401221817%3Aet%3A1680387497%3Ac%3A1%3Arn%3A16426529%3Arqn%3A1%3Au%3A1680387497828857380%3Aw%3A1274x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C263%2C115%2C0%2C296%2C0%2C%2C112%2C1%2C1775%2C1775%2C0%2C1344%3Aco%3A0%3Ans%3A1680387494665%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1680387497%3At%3A1win%20-%20Loading&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
93.158.134.119302 Found 407 B URL HTTP/2 mc.yandex.ru/watch/92006234?wmode=7&page-url=https%3A%2F%2F1wmdru.top%2Fbets%2Fhome&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A813%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A912799043802%3Ahid%3A1020009121%3Az%3A0%3Ai%3A20230401221817%3Aet%3A1680387497%3Ac%3A1%3Arn%3A16426529%3Arqn%3A1%3Au%3A1680387497828857380%3Aw%3A1274x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C263%2C115%2C0%2C296%2C0%2C%2C112%2C1%2C1775%2C1775%2C0%2C1344%3Aco%3A0%3Ans%3A1680387494665%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1680387497%3At%3A1win%20-%20Loading&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Hash d78d2476bfe7a838a774dabb574d36e6
0208595443c30a8b21a01316fa186604b3c6aeae
692f61fec1c1d310add2514e3c10d3f0ec5d20c73f750f6958b3fd899faa58f4
GET /watch/92006234?wmode=7&page-url=https%3A%2F%2F1wmdru.top%2Fbets%2Fhome&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A813%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A912799043802%3Ahid%3A1020009121%3Az%3A0%3Ai%3A20230401221817%3Aet%3A1680387497%3Ac%3A1%3Arn%3A16426529%3Arqn%3A1%3Au%3A1680387497828857380%3Aw%3A1274x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C263%2C115%2C0%2C296%2C0%2C%2C112%2C1%2C1775%2C1775%2C0%2C1344%3Aco%3A0%3Ans%3A1680387494665%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1680387497%3At%3A1win%20-%20Loading&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1wmdru.top
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 302 Found
location: /watch/92006234/1?wmode=7&page-url=https%3A%2F%2F1wmdru.top%2Fbets%2Fhome&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A813%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A912799043802%3Ahid%3A1020009121%3Az%3A0%3Ai%3A20230401221817%3Aet%3A1680387497%3Ac%3A1%3Arn%3A16426529%3Arqn%3A1%3Au%3A1680387497828857380%3Aw%3A1274x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C263%2C115%2C0%2C296%2C0%2C%2C112%2C1%2C1775%2C1775%2C0%2C1344%3Aco%3A0%3Ans%3A1680387494665%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1680387497%3At%3A1win%20-%20Loading&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Sat, 01 Apr 2023 22:18:20 GMT
access-control-allow-origin: https://1wmdru.top
set-cookie: yabs-sid=2516705161680387500; Path=/; SameSite=None; Secure
i=HADe0WAW6K3uDfyKy0n5aoDyw9D6tJZN3inlW+J2IR2Z/WESi9YoLrHIp8ANyK+sw/WlWx/uNeKAnM4HwHU4HCUBXiY=; Expires=Tue, 29-Mar-2033 22:18:17 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=1865939321680387500; Expires=Tue, 29-Mar-2033 22:18:17 GMT; Domain=.yandex.ru; Path=/; Secure; SameSite=None
yuidss=1865939321680387500; Expires=Sun, 31-Mar-2024 22:18:20 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1711923500.yc.1680387500#1711923500.yrts.1680387500#1711923500.yrtsi.1680387500; Expires=Sun, 31-Mar-2024 22:18:20 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 01-Apr-2023 22:18:20 GMT
last-modified: Sat, 01-Apr-2023 22:18:20 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=3816383103974.262;~oref=https://1wmdru.top/
142.250.74.34 200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=3816383103974.262;~oref=https://1wmdru.top/
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=12572451;type=1m0c10;cat=all_p0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1;num=3816383103974.262;~oref=https://1wmdru.top/ HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 22:18:24 GMT
expires: Sat, 01 Apr 2023 22:18:24 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 18418d3f10a64710975ca7b3e16ffc95
40b7c0c3b740fc1fe9e19b9b5348ae1c389e382b
ccf6cda6138b655ea44261ebc452389c887b5560af11720544cd2f2360489f18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 22:18:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3d4ea7ab-6715-4775-81a4-12ac18582d63.jpg@avif
104.26.5.11 200 OK 7.2 kB URL HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3d4ea7ab-6715-4775-81a4-12ac18582d63.jpg@avif
IP 104.26.5.11:0
File type ISO Media, AVIF Image\012- data
Hash b12d1bbe0233aa73f760382827824f08
e8905c625cf516249ac101f617be5bc776ed2a2a
c1b1bbc42828451f7d4f6c176a3738230c74ce627d93592f405ea4d6d9caf9d6
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/pragmatic/3d4ea7ab-6715-4775-81a4-12ac18582d63.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:24 GMT
content-type: image/avif
content-length: 7179
cache-control: public, max-age=31536000
content-disposition: inline; filename="3d4ea7ab-6715-4775-81a4-12ac18582d63.avif"
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjYzZTM3MmYxLWViODEi"
expires: Mon, 27 Mar 2023 20:59:05 GMT
x-request-id: -k5Tq--TPVqHMqgNByLnU
x-cache-status: HIT
cf-cache-status: HIT
age: 447409
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SpW7ZoLzG1IuAhz7Eau8wBTs3QH%2Bk8SGYN%2FDDNf73uUBAQdujhon%2B6N8Bjo1409MMVZPCcxykEoPq1xtuf0cWIvFGwLfns%2Bp3NDAPiG%2FU3%2Fz1GsH10fQ7n33GnEqqdUzauLS0zjk8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435307f2cb524-OSL
X-Firefox-Spdy: h2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/a9b37cba-3f6f-45bf-870f-1690a3fd15ac.jpg@avif
104.26.5.11 200 OK 5.9 kB URL HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/a9b37cba-3f6f-45bf-870f-1690a3fd15ac.jpg@avif
IP 104.26.5.11:0
File type ISO Media, AVIF Image\012- data
Hash 9e0a2ed55e2eba878cccec8d390cf975
64a31451eaacd697fbd126280a4e3e84656ad1d3
a80db99a2b6c9a373e1d22292b4f4c1dae92f15715f3ea9c2ad6a09dfe44d1cc
GET /unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/a9b37cba-3f6f-45bf-870f-1690a3fd15ac.jpg@avif HTTP/1.1
Host: imgproxy.1win-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Referer: https://1wmdru.top/
Connection: keep-alive
TE: trailers
HTTP/2 200 OK
date: Sat, 01 Apr 2023 22:18:24 GMT
content-type: image/avif
content-length: 5892
cache-control: public, max-age=31536000
content-disposition: inline; filename="a9b37cba-3f6f-45bf-870f-1690a3fd15ac.avif"
etag: "qZN6EBzPegPBpsimkrNBhehT4d3pwCv1LGwwuLjYmzM/RIjY0MDA5YjgyLTEzYTNhIg"
expires: Wed, 05 Apr 2023 14:39:23 GMT
x-request-id: cSVTC6AmN47nanATbInEv
x-cache-status: HIT
cf-cache-status: HIT
age: 195713
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KvSPdY8i9PlW77e9LRQmH8%2FM25dgAJZy%2BmF8cxjLRhpqcNLAMWqv08BjlCyqTpK6hh8oUUJw3CDHqwnjWFOxlBk5c1WB7N%2FwofTUNy%2F0Wl5nmMzC%2B1JRUu4XifGTjvr6lzFHwkNg%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b1435307f2db524-OSL
X-Firefox-Spdy: h2
imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/c_43e8104bf8571b534d0d238b5f5e92eb.gif@avif
104.26.5.11 200 OK 5.8 kB URL HTTP/2 imgproxy.1win-cdn.com/unsafe/casino_list_big_1x/plain/https://1win-cdn.com/casino-images/endorphina/c_43e8104bf8571b534d0d238b5f5e92eb.gif@avif
IP 104.26.5.11:0
File type ISO Media, AVIF Image\012- data
Hash 2f51b89b2a5a18ad2482aac0f92db5fb
d8cd5e1638fe88e7bf13401519a165e7ef960c1a
a3903d9908d5ebab4259d5eea0ccb36b61adcd92295ca8a53679ea3a7f2bfb53